diff --git a/doc/packages/linux.section.md b/doc/packages/linux.section.md index 8551c77d940d..9722b22fd2f5 100644 --- a/doc/packages/linux.section.md +++ b/doc/packages/linux.section.md @@ -5,7 +5,7 @@ The Nix expressions to build the Linux kernel are in [`pkgs/os-specific/linux/ke The function [`pkgs.buildLinux`](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/generic.nix) builds a kernel with [common configuration values](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/common-config.nix). This is the preferred option unless you have a very specific use case. Most kernels packaged in Nixpkgs are built that way, and it will also generate kernels suitable for NixOS. -[`pkgs.linuxManualConfig`](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/manual-config.nix) requires a complete configuration to be passed. +[`pkgs.linuxManualConfig`](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/build.nix) requires a complete configuration to be passed. It has fewer additional features than `pkgs.buildLinux`, which provides common configuration values and exposes the `features` attribute, as explained below. Both functions have an argument `kernelPatches` which should be a list of `{name, patch, extraConfig}` attribute sets, where `name` is the name of the patch (which is included in the kernel’s `meta.description` attribute), `patch` is the patch itself (possibly compressed), and `extraConfig` (optional) is a string specifying extra options to be concatenated to the kernel configuration file (`.config`). @@ -75,7 +75,7 @@ pkgs.linuxPackages_custom { ::: -Additional attributes can be used with `linuxManualConfig` for further customisation instead of `linuxPackages_custom`. You're encouraged to read [the `pkgs.linuxManualConfig` source code](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/manual-config.nix) to understand how to use them. +Additional attributes can be used with `linuxManualConfig` for further customisation instead of `linuxPackages_custom`. You're encouraged to read [the `pkgs.linuxManualConfig` source code](https://github.com/NixOS/nixpkgs/blob/d77bda728d5041c1294a68fb25c79e2d161f62b9/pkgs/os-specific/linux/kernel/build.nix) to understand how to use them. To edit the `.config` file for Linux X.Y from within Nix, proceed as follows: diff --git a/doc/release-notes/rl-2511.section.md b/doc/release-notes/rl-2511.section.md index a9adc2e64efc..0b95eec7cd44 100644 --- a/doc/release-notes/rl-2511.section.md +++ b/doc/release-notes/rl-2511.section.md @@ -399,3 +399,8 @@ ### Additions and Improvements {#sec-nixpkgs-release-25.11-lib-additions-improvements} - `lib.cli.toCommandLine`, `lib.cli.toCommandLineShell`, `lib.cli.toCommandLineGNU` and `lib.cli.toCommandLineShellGNU` have been added to address multiple issues in `lib.cli.toGNUCommandLine` and `lib.cli.toGNUCommandLineShell`. + +- `ugrep`: Added `wrapWithFilterUtils` package flag for optionally wrapping `ugrep+` and `ug+` with filter utilities for grepping other file types. + +- `ugrep`: Added `createGrepReplacementLinks` package flag for optionally creating drop-in replacement symlinks for `gnugrep`. + diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 1a80919715aa..bb777bcd9e45 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -9033,6 +9033,12 @@ githubId = 1313787; name = "Gabriella Gonzalez"; }; + GabrielMaguire = { + email = "gabrielmaguire@proton.me"; + github = "GabrielMaguire"; + githubId = 39974571; + name = "Gabriel Maguire"; + }; gabyx = { email = "gnuetzi@gmail.com"; github = "gabyx"; diff --git a/nixos/modules/programs/coolercontrol.nix b/nixos/modules/programs/coolercontrol.nix index 000fb091bcc6..7103526d79b5 100644 --- a/nixos/modules/programs/coolercontrol.nix +++ b/nixos/modules/programs/coolercontrol.nix @@ -34,13 +34,11 @@ in systemd = { packages = with pkgs.coolercontrol; [ - coolercontrol-liqctld coolercontrold ]; # https://github.com/NixOS/nixpkgs/issues/81138 services = { - coolercontrol-liqctld.wantedBy = [ "multi-user.target" ]; coolercontrold.wantedBy = [ "multi-user.target" ]; }; }; diff --git a/nixos/modules/services/misc/n8n.nix b/nixos/modules/services/misc/n8n.nix index f3e9f698e35f..60c4e1cfd3f7 100644 --- a/nixos/modules/services/misc/n8n.nix +++ b/nixos/modules/services/misc/n8n.nix @@ -6,10 +6,17 @@ }: let cfg = config.services.n8n; - format = pkgs.formats.json { }; - configFile = format.generate "n8n.json" cfg.settings; in { + imports = [ + (lib.mkRemovedOptionModule [ "services" "n8n" "settings" ] "Use services.n8n.environment instead.") + (lib.mkRemovedOptionModule [ + "services" + "n8n" + "webhookUrl" + ] "Use services.n8n.environment.WEBHOOK_URL instead.") + ]; + options.services.n8n = { enable = lib.mkEnableOption "n8n server"; @@ -19,47 +26,66 @@ in description = "Open ports in the firewall for the n8n web interface."; }; - settings = lib.mkOption { - type = format.type; + environment = lib.mkOption { + description = '' + Environment variables to pass to the n8n service. + See for available options. + ''; + type = lib.types.submodule { + freeformType = with lib.types; attrsOf str; + options = { + GENERIC_TIMEZONE = lib.mkOption { + type = with lib.types; nullOr str; + default = config.time.timeZone; + defaultText = lib.literalExpression "config.time.timeZone"; + description = '' + The n8n instance timezone. Important for schedule nodes (such as Cron). + ''; + }; + N8N_PORT = lib.mkOption { + type = with lib.types; coercedTo port toString str; + default = 5678; + description = "The HTTP port n8n runs on."; + }; + N8N_USER_FOLDER = lib.mkOption { + type = lib.types.path; + # This folder must be writeable as the application is storing + # its data in it, so the StateDirectory is a good choice + default = "/var/lib/n8n"; + description = '' + Provide the path where n8n will create the .n8n folder. + This directory stores user-specific data, such as database file and encryption key. + ''; + readOnly = true; + }; + N8N_DIAGNOSTICS_ENABLED = lib.mkOption { + type = with lib.types; coercedTo bool toString str; + default = false; + description = '' + Whether to share selected, anonymous telemetry with n8n. + Note that if you set this to false, you can't enable Ask AI in the Code node. + ''; + }; + N8N_VERSION_NOTIFICATIONS_ENABLED = lib.mkOption { + type = with lib.types; coercedTo bool toString str; + default = false; + description = '' + When enabled, n8n sends notifications of new versions and security updates. + ''; + }; + }; + }; default = { }; - description = '' - Configuration for n8n, see - for supported values. - ''; }; - - webhookUrl = lib.mkOption { - type = lib.types.str; - default = ""; - description = '' - WEBHOOK_URL for n8n, in case we're running behind a reverse proxy. - This cannot be set through configuration and must reside in an environment variable. - ''; - }; - }; config = lib.mkIf cfg.enable { - services.n8n.settings = { - # We use this to open the firewall, so we need to know about the default at eval time - port = lib.mkDefault 5678; - }; - systemd.services.n8n = { - description = "N8N service"; + description = "n8n service"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment = { - # This folder must be writeable as the application is storing - # its data in it, so the StateDirectory is a good choice - N8N_USER_FOLDER = "/var/lib/n8n"; - HOME = "/var/lib/n8n"; - N8N_CONFIG_FILES = "${configFile}"; - WEBHOOK_URL = "${cfg.webhookUrl}"; - - # Don't phone home - N8N_DIAGNOSTICS_ENABLED = "false"; - N8N_VERSION_NOTIFICATIONS_ENABLED = "false"; + environment = cfg.environment // { + HOME = config.services.n8n.environment.N8N_USER_FOLDER; }; serviceConfig = { Type = "simple"; @@ -88,7 +114,7 @@ in }; networking.firewall = lib.mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.settings.port ]; + allowedTCPPorts = [ (lib.toInt cfg.environment.N8N_PORT) ]; }; }; } diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix index 7b39d58248c4..a65e0c00feba 100644 --- a/nixos/modules/tasks/filesystems/zfs.nix +++ b/nixos/modules/tasks/filesystems/zfs.nix @@ -798,7 +798,7 @@ in extraBin = { zpool = "${cfgZfs.package}/sbin/zpool"; zfs = "${cfgZfs.package}/sbin/zfs"; - mount.zfs = "${cfgZfs.package}/sbin/mount.zfs"; + "mount.zfs" = "${cfgZfs.package}/sbin/mount.zfs"; awk = "${pkgs.gawk}/bin/awk"; }; storePaths = [ diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index df47807b44b7..7e911dc85a88 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -516,8 +516,7 @@ in ergochat = runTest ./ergochat.nix; esphome = runTest ./esphome.nix; etc = pkgs.callPackage ../modules/system/etc/test.nix { inherit evalMinimalConfig; }; - etcd = runTestOn [ "aarch64-linux" "x86_64-linux" ] ./etcd/etcd.nix; - etcd-cluster = runTestOn [ "aarch64-linux" "x86_64-linux" ] ./etcd/etcd-cluster.nix; + etcd = import ./etcd/default.nix { inherit pkgs runTest; }; etebase-server = runTest ./etebase-server.nix; etesync-dav = runTest ./etesync-dav.nix; evcc = runTest ./evcc.nix; diff --git a/nixos/tests/etcd/default.nix b/nixos/tests/etcd/default.nix new file mode 100644 index 000000000000..96add9670a95 --- /dev/null +++ b/nixos/tests/etcd/default.nix @@ -0,0 +1,43 @@ +{ + pkgs, + runTest, + ... +}: + +let + testEtcd = + path: oPkgs: + runTest ( + let + etcdPkgs = pkgs // oPkgs; + in + pkgs.lib.recursiveUpdate { + meta = { + maintainers = etcdPkgs.etcd.meta.maintainers; + platforms = [ + "aarch64-linux" + "x86_64-linux" + ]; + }; + } (import path etcdPkgs) + ); + testEtcdPkg = pkg: path: testEtcd path { etcd = pkg; }; + testEtcd_3_4 = testEtcdPkg pkgs.etcd_3_4; + testEtcd_3_5 = testEtcdPkg pkgs.etcd_3_5; + testEtcd_3_6 = testEtcdPkg pkgs.etcd_3_6; +in + +{ + "3_4" = { + multi-node = testEtcd_3_4 ./multi-node.nix; + single-node = testEtcd_3_4 ./single-node.nix; + }; + "3_5" = { + multi-node = testEtcd_3_5 ./multi-node.nix; + single-node = testEtcd_3_5 ./single-node.nix; + }; + "3_6" = { + multi-node = testEtcd_3_6 ./multi-node.nix; + single-node = testEtcd_3_6 ./single-node.nix; + }; +} diff --git a/nixos/tests/etcd/etcd-cluster.nix b/nixos/tests/etcd/multi-node.nix similarity index 97% rename from nixos/tests/etcd/etcd-cluster.nix rename to nixos/tests/etcd/multi-node.nix index aa66c8498356..0ce36d0f14b6 100644 --- a/nixos/tests/etcd/etcd-cluster.nix +++ b/nixos/tests/etcd/multi-node.nix @@ -1,6 +1,5 @@ -# This test runs simple etcd cluster +{ pkgs, etcd, ... }: -{ lib, pkgs, ... }: let runWithOpenSSL = file: cmd: @@ -77,6 +76,7 @@ let services = { etcd = { enable = true; + package = etcd; keyFile = etcd_key; certFile = etcd_cert; trustedCaFile = ca_pem; @@ -99,10 +99,9 @@ let networking.firewall.allowedTCPPorts = [ 2380 ]; }; in -{ - name = "etcd-cluster"; - meta.maintainers = with lib.maintainers; [ offline ]; +{ + name = "etcd-multi-node"; nodes = { node1 = @@ -170,4 +169,5 @@ in node1.succeed("etcdctl put /foo/bar 'Hello degraded world'") node1.succeed("etcdctl get /foo/bar | grep 'Hello degraded world'") ''; + } diff --git a/nixos/tests/etcd/etcd.nix b/nixos/tests/etcd/single-node.nix similarity index 74% rename from nixos/tests/etcd/etcd.nix rename to nixos/tests/etcd/single-node.nix index 9c423ef35185..0d2bdea166d9 100644 --- a/nixos/tests/etcd/etcd.nix +++ b/nixos/tests/etcd/single-node.nix @@ -1,11 +1,13 @@ -# This test runs simple etcd node -{ lib, ... }: +{ etcd, ... }: + { - name = "etcd"; - meta.maintainers = with lib.maintainers; [ offline ]; + name = "etcd-single-node"; nodes.node = { - services.etcd.enable = true; + services.etcd = { + enable = true; + package = etcd; + }; }; testScript = '' @@ -19,4 +21,5 @@ node.succeed("etcdctl put /foo/bar 'Hello world'") node.succeed("etcdctl get /foo/bar | grep 'Hello world'") ''; + } diff --git a/nixos/tests/n8n.nix b/nixos/tests/n8n.nix index 56ffabaca1ed..673e322f786b 100644 --- a/nixos/tests/n8n.nix +++ b/nixos/tests/n8n.nix @@ -23,7 +23,7 @@ in services.n8n = { enable = true; - webhookUrl = webhookUrl; + environment.WEBHOOK_URL = webhookUrl; }; }; @@ -32,5 +32,7 @@ in machine.wait_for_console_text("Editor is now accessible via") machine.succeed("curl --fail -vvv http://localhost:${toString port}/") machine.succeed("grep -qF ${webhookUrl} /etc/systemd/system/n8n.service") + machine.succeed("grep -qF 'HOME=/var/lib/n8n' /etc/systemd/system/n8n.service") + machine.fail("grep -qF 'GENERIC_TIMEZONE=' /etc/systemd/system/n8n.service") ''; } diff --git a/nixos/tests/vscodium.nix b/nixos/tests/vscodium.nix index 8badad20b03c..7cb0871ac9bc 100644 --- a/nixos/tests/vscodium.nix +++ b/nixos/tests/vscodium.nix @@ -45,6 +45,10 @@ let turion ]; + # x86_64: https://github.com/NixOS/nixpkgs/pull/452801#issuecomment-3415680343 + # aarch64: https://github.com/NixOS/nixpkgs/issues/207234 + meta.broken = name == "wayland"; + enableOCR = true; testScript = '' diff --git a/pkgs/applications/editors/vscode/vscodium.nix b/pkgs/applications/editors/vscode/vscodium.nix index a2ab054df798..496a86337f80 100644 --- a/pkgs/applications/editors/vscode/vscodium.nix +++ b/pkgs/applications/editors/vscode/vscodium.nix @@ -26,11 +26,11 @@ let hash = { - x86_64-linux = "sha256-uW5fD7/mjFN9Ap21h2Kht7rztEVGWIYcQMfXW/jzHHI="; - x86_64-darwin = "sha256-xY84sbFPU4wDWH546h+ItxM1ohuv9ZuTNYN37lVFEJ4="; - aarch64-linux = "sha256-nO13ItYXeChbO/C12S679FKt+pk9d42DMrrb9LhoCPc="; - aarch64-darwin = "sha256-wqAbzL0uK12UkmvaZRb13GZGIgg/Wo1u1qB4cCgxVWk="; - armv7l-linux = "sha256-kw9OBihzHweHtpltjQKZ+yTpGuGGzJkB9fk5aBbuj0g="; + x86_64-linux = "sha256-+aMcRAM1mOu2rLCVGtkygGgM/8VNeteM66BOlmQCIpA="; + x86_64-darwin = "sha256-A/5l3LZn7SYNLkixNAfcb0HJlXY9dN9tjDT/KJ4Ycqk="; + aarch64-linux = "sha256-LxVKn5ld2mhsV9ya2V9zXEjtEZRAUWupMgkWXSgrL+8="; + aarch64-darwin = "sha256-jF18swYLWCtT0GerSLkT01M1sGZmkAb6bRZlRL5Bna4="; + armv7l-linux = "sha256-MlN22vWh0FiqgYQqZ1YjhAEtPRGaGv4Rz3J3LF6udts="; } .${system} or throwSystem; @@ -41,7 +41,7 @@ callPackage ./generic.nix rec { # Please backport all compatible updates to the stable release. # This is important for the extension ecosystem. - version = "1.105.16954"; + version = "1.105.17075"; pname = "vscodium"; executableName = "codium"; diff --git a/pkgs/applications/misc/pdfsam-basic/default.nix b/pkgs/applications/misc/pdfsam-basic/default.nix index 2d73912750a6..b5c131015efb 100644 --- a/pkgs/applications/misc/pdfsam-basic/default.nix +++ b/pkgs/applications/misc/pdfsam-basic/default.nix @@ -3,63 +3,95 @@ stdenv, makeDesktopItem, fetchurl, - jdk21, + temurin-jre-bin-21, + javaPackages, wrapGAppsHook3, - glib, + dpkg, + xorg, + gtk3, + libGL, + alsa-lib, nix-update-script, + desktop-file-utils, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "pdfsam-basic"; - version = "5.3.2"; + version = "5.4.1"; src = fetchurl { - url = "https://github.com/torakiki/pdfsam/releases/download/v${version}/pdfsam-basic_${version}-1_amd64.deb"; - hash = "sha256-Y0Q9uT6cyxIYTX0JxoS0r3TamPT1iLXr94Zex30AeWo="; + url = "https://github.com/torakiki/pdfsam/releases/download/v${finalAttrs.version}/pdfsam-basic_${finalAttrs.version}-1_amd64.deb"; + hash = "sha256-iM0avC0YwxaB2prWbiKJZ9Fzd/HcdDWJg5IWRmNlVkM="; }; - unpackPhase = '' - ar vx ${src} - tar xvf data.tar.gz - ''; - - nativeBuildInputs = [ wrapGAppsHook3 ]; - buildInputs = [ glib ]; - - preFixup = '' - gappsWrapperArgs+=(--set JAVA_HOME "${jdk21}" --set PDFSAM_JAVA_PATH "${jdk21}") - ''; + nativeBuildInputs = [ + dpkg + wrapGAppsHook3 + desktop-file-utils + ]; installPhase = '' - cp -R opt/pdfsam-basic/ $out/ - mkdir -p "$out"/share/icons - cp --recursive ${desktopItem}/share/applications $out/share - cp $out/icon.svg "$out"/share/icons/pdfsam-basic.svg + runHook preInstall + desktop-file-edit usr/share/applications/pdfsam-basic.desktop \ + --set-key="Exec" --set-value="pdfsam-basic %F" \ + --set-key="Path" --set-value="$out/share/pdfsam-basic" \ + --set-icon="pdfsam-basic" + mkdir $out + cp -r usr/share $out/share + mkdir $out/share/pdfsam-basic + cp -r opt/pdfsam-basic/lib $out/share/pdfsam-basic/lib + install -Dm0644 opt/pdfsam-basic/splash.png $out/share/pdfsam-basic/splash.png + install -Dm0644 opt/pdfsam-basic/icon.svg $out/share/icons/hicolor/scalable/apps/pdfsam-basic.svg + mkdir $out/bin + makeWrapper ${temurin-jre-bin-21}/bin/java $out/bin/pdfsam-basic \ + "''${gappsWrapperArgs[@]}" \ + --set JAVA_HOME ${temurin-jre-bin-21} \ + --set PDFSAM_JAVA_PATH ${temurin-jre-bin-21} \ + --prefix LD_LIBRARY_PATH : ${ + lib.makeLibraryPath [ + javaPackages.openjfx23 # PDFSam Basic requires JDK 21 and JavaFX 23 https://github.com/torakiki/pdfsam/issues/785#issuecomment-3446564717 + xorg.libXxf86vm + xorg.libXtst + gtk3 + libGL + alsa-lib + ] + } \ + --add-flags ${ + lib.escapeShellArg ( + lib.escapeShellArgs [ + "--enable-preview" + "--module-path" + "${placeholder "out"}/share/pdfsam-basic/lib" + "--module" + "org.pdfsam.basic/org.pdfsam.basic.App" + "-Xmx512M" + "-splash:${placeholder "out"}/share/pdfsam-basic/splash.png" + "-Dapp.name=\"pdfsam-basic\"" + "-Dapp.pid=\"$$\"" + "-Dapp.home=\"${placeholder "out"}/share/pdfsam-basic\"" + "-Dbasedir=\"${placeholder "out"}/share/pdfsam-basic\"" + "-Dprism.lcdtext=false" + ] + ) + } + runHook postInstall ''; - desktopItem = makeDesktopItem { - name = pname; - exec = pname; - icon = pname; - comment = meta.description; - desktopName = "PDFsam Basic"; - genericName = "PDF Split and Merge"; - mimeTypes = [ "application/pdf" ]; - categories = [ "Office" ]; - }; + dontWrapGApps = true; passthru.updateScript = nix-update-script { }; - meta = with lib; { + meta = { homepage = "https://github.com/torakiki/pdfsam"; description = "Multi-platform software designed to extract pages, split, merge, mix and rotate PDF files"; mainProgram = "pdfsam-basic"; - sourceProvenance = with sourceTypes; [ + sourceProvenance = with lib.sourceTypes; [ binaryBytecode binaryNativeCode ]; - license = licenses.agpl3Plus; + license = lib.licenses.agpl3Plus; platforms = [ "x86_64-linux" ]; - maintainers = with maintainers; [ _1000101 ]; + maintainers = with lib.maintainers; [ _1000101 ]; }; -} +}) diff --git a/pkgs/applications/networking/maestral-qt/default.nix b/pkgs/applications/networking/maestral-qt/default.nix index 2be6ae59feb1..293b28e074c7 100644 --- a/pkgs/applications/networking/maestral-qt/default.nix +++ b/pkgs/applications/networking/maestral-qt/default.nix @@ -11,7 +11,7 @@ python3.pkgs.buildPythonApplication rec { pname = "maestral-qt"; - version = "1.9.4"; + version = "1.9.5"; pyproject = true; disabled = python3.pythonOlder "3.7"; @@ -20,7 +20,7 @@ python3.pkgs.buildPythonApplication rec { owner = "SamSchott"; repo = "maestral-qt"; tag = "v${version}"; - hash = "sha256-VkJOKKYnoXux3WjD1JwINGWwv1SMIXfidyV2ITE7dJc="; + hash = "sha256-FCn9ELbodk+zCJNmlOVoxE/KSSqbxy5HTB1vpiu7AJA="; }; build-system = with python3.pkgs; [ setuptools ]; diff --git a/pkgs/applications/system/coolercontrol/coolercontrol-liqctld.nix b/pkgs/applications/system/coolercontrol/coolercontrol-liqctld.nix deleted file mode 100644 index 2dc770421e9f..000000000000 --- a/pkgs/applications/system/coolercontrol/coolercontrol-liqctld.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ python3 }: - -{ - version, - src, - meta, -}: - -python3.pkgs.buildPythonApplication { - pname = "coolercontrol-liqctld"; - inherit version src; - sourceRoot = "${src.name}/coolercontrol-liqctld"; - format = "pyproject"; - - nativeBuildInputs = with python3.pkgs; [ setuptools ]; - - propagatedBuildInputs = with python3.pkgs; [ - liquidctl - setproctitle - fastapi - uvicorn - ]; - - postInstall = '' - install -Dm444 "${src}/packaging/systemd/coolercontrol-liqctld.service" -t "$out/lib/systemd/system" - substituteInPlace "$out/lib/systemd/system/coolercontrol-liqctld.service" \ - --replace-fail '/usr/bin' "$out/bin" - ''; - - meta = meta // { - description = "${meta.description} (Liquidctl Daemon)"; - mainProgram = "coolercontrol-liqctld"; - }; -} diff --git a/pkgs/applications/system/coolercontrol/coolercontrol-ui-data.nix b/pkgs/applications/system/coolercontrol/coolercontrol-ui-data.nix index 0f687c9d5278..d2af32efee38 100644 --- a/pkgs/applications/system/coolercontrol/coolercontrol-ui-data.nix +++ b/pkgs/applications/system/coolercontrol/coolercontrol-ui-data.nix @@ -11,7 +11,7 @@ buildNpmPackage { inherit version src; sourceRoot = "${src.name}/coolercontrol-ui"; - npmDepsHash = "sha256-FFVCE3/E+eiTvTeU53cc1Mdbrl5J3+YgYUYltpnGXz0="; + npmDepsHash = "sha256-MhMHo6wjkaSCyevwzAKCvSsJTmAq9rYFG1ZVUAkRc0Y="; postBuild = '' cp -r dist $out diff --git a/pkgs/applications/system/coolercontrol/coolercontrold.nix b/pkgs/applications/system/coolercontrol/coolercontrold.nix index 7bdaa624ac68..50987847a587 100644 --- a/pkgs/applications/system/coolercontrol/coolercontrold.nix +++ b/pkgs/applications/system/coolercontrol/coolercontrold.nix @@ -5,6 +5,8 @@ coolercontrol, runtimeShell, addDriverRunpath, + python3Packages, + liquidctl, }: { @@ -18,10 +20,16 @@ rustPlatform.buildRustPackage { inherit version src; sourceRoot = "${src.name}/coolercontrold"; - cargoHash = "sha256-ZyYyQcaYd3VZ7FL0Hki33JO3LscPfBT5gl+nw2cXvUs="; + cargoHash = "sha256-4aSEEBtxwTyAx5CPa2fDBhx5U+Ql2X/tKPQHLIsm3I0="; buildInputs = [ libdrm ]; - nativeBuildInputs = [ addDriverRunpath ]; + + nativeBuildInputs = [ + addDriverRunpath + python3Packages.wrapPython + ]; + + pythonPath = [ liquidctl ]; postPatch = '' # copy the frontend static resources to a directory for embedding @@ -41,12 +49,15 @@ rustPlatform.buildRustPackage { postFixup = '' addDriverRunpath "$out/bin/coolercontrold" + + buildPythonPath "$pythonPath" + wrapProgram "$out/bin/coolercontrold" \ + --prefix PATH : $program_PATH \ + --prefix PYTHONPATH : $program_PYTHONPATH ''; passthru.tests.version = testers.testVersion { package = coolercontrol.coolercontrold; - # coolercontrold prints its version with "v" prefix - version = "v${version}"; }; meta = meta // { diff --git a/pkgs/applications/system/coolercontrol/default.nix b/pkgs/applications/system/coolercontrol/default.nix index 009525ec8eb3..d11e7f40aa6c 100644 --- a/pkgs/applications/system/coolercontrol/default.nix +++ b/pkgs/applications/system/coolercontrol/default.nix @@ -5,20 +5,23 @@ }: let - version = "2.1.0"; + version = "3.0.1"; src = fetchFromGitLab { owner = "coolercontrol"; repo = "coolercontrol"; rev = version; - hash = "sha256-xIc0ZecQGyjMQWVaucKomu7SbaHy+ymg5dkOjHjtJ9c="; + hash = "sha256-PvEj3xYJVpHNfd5p7kyw+eW9S/g1FB/YiFgWEJDDbus="; }; meta = { description = "Monitor and control your cooling devices"; homepage = "https://gitlab.com/coolercontrol/coolercontrol"; license = lib.licenses.gpl3Plus; - platforms = [ "x86_64-linux" ]; + platforms = [ + "x86_64-linux" + "aarch64-linux" + ]; maintainers = with lib.maintainers; [ codifryed OPNA2608 @@ -33,6 +36,4 @@ in coolercontrold = applySharedDetails (callPackage ./coolercontrold.nix { }); coolercontrol-gui = applySharedDetails (callPackage ./coolercontrol-gui.nix { }); - - coolercontrol-liqctld = applySharedDetails (callPackage ./coolercontrol-liqctld.nix { }); } diff --git a/pkgs/applications/version-management/qgit/default.nix b/pkgs/applications/version-management/qgit/default.nix index cc946a3e78d1..cb654c45de32 100644 --- a/pkgs/applications/version-management/qgit/default.nix +++ b/pkgs/applications/version-management/qgit/default.nix @@ -10,13 +10,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "qgit"; - version = "2.12"; + version = "2.13"; src = fetchFromGitHub { owner = "tibirna"; repo = "qgit"; rev = "qgit-${finalAttrs.version}"; - hash = "sha256-q81nY9D/8riMTFP8gDRbY2PjVo+NwRu/XEN1Yn0P/pk="; + hash = "sha256-hOx6FYccutycp+F3iesj48STFeBM/2r5cw2f5FkBIjY="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix b/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix index cdaf829d7581..e7b0af1bea7f 100644 --- a/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix +++ b/pkgs/by-name/am/amazon-cloudwatch-agent/package.nix @@ -11,16 +11,16 @@ buildGoModule rec { pname = "amazon-cloudwatch-agent"; - version = "1.300059.0"; + version = "1.300061.0"; src = fetchFromGitHub { owner = "aws"; repo = "amazon-cloudwatch-agent"; tag = "v${version}"; - hash = "sha256-xon1M3xusoFngeZ2CJprS1z4fcrWeKCKaAtAfv4SBWw="; + hash = "sha256-Qt17JyD9zW914nVcxcpY3af42CqKJtKBEISSMy6/ong="; }; - vendorHash = "sha256-79BaMjl1bzQcl3FUvpwRsPneQRyfabU481eLgWA1U6Y="; + vendorHash = "sha256-g06fRyuCRypOP6AvHTp73ml5JycAdp2OeceU4GAesvA="; # See the list in https://github.com/aws/amazon-cloudwatch-agent/blob/v1.300049.1/Makefile#L68-L77. subPackages = [ diff --git a/pkgs/by-name/ap/appcsxcad/package.nix b/pkgs/by-name/ap/appcsxcad/package.nix index ae9504c3d2fa..4d1a5b3d82b5 100644 --- a/pkgs/by-name/ap/appcsxcad/package.nix +++ b/pkgs/by-name/ap/appcsxcad/package.nix @@ -2,6 +2,7 @@ lib, stdenv, fetchFromGitHub, + fetchpatch, cmake, csxcad, qcsxcad, @@ -25,6 +26,20 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-KrsnCnRZRTbkgEH3hOETrYhseg5mCHPqhAbYyHlS3sk="; }; + patches = [ + # ref. https://github.com/thliebig/AppCSXCAD/pull/14 merged upstream + (fetchpatch { + name = "update-minimum-cmake-required.patch"; + url = "https://github.com/thliebig/AppCSXCAD/commit/9585207eb08195c3f1c47dc9d6a80b563a3272e0.patch"; + hash = "sha256-2+C3cqQMU3UL12h0f7EdBZVqeJVSPhDVbMOcqbOY0gg="; + }) + (fetchpatch { + name = "remove-cmp0020-policy.patch"; + url = "https://github.com/thliebig/AppCSXCAD/commit/688c07cd847f463a2a42f01d41751374b4f787c8.patch"; + hash = "sha256-pa6imzrUoVA3Ebc4UGPACJ6qjYiHOjB5aQ9FN/CUpVM="; + }) + ]; + nativeBuildInputs = [ cmake qt6.wrapQtAppsHook diff --git a/pkgs/by-name/aw/aws-encryption-sdk-cli/package.nix b/pkgs/by-name/aw/aws-encryption-sdk-cli/package.nix index dce0c6a561c0..b5a07237c8b9 100644 --- a/pkgs/by-name/aw/aws-encryption-sdk-cli/package.nix +++ b/pkgs/by-name/aw/aws-encryption-sdk-cli/package.nix @@ -12,9 +12,11 @@ let self = localPython; packageOverrides = final: prev: { urllib3 = prev.urllib3.overridePythonAttrs (prev: rec { - pyproject = true; version = "1.26.18"; - nativeBuildInputs = with final; [ setuptools ]; + build-system = with final; [ + setuptools + ]; + postPatch = null; src = prev.src.override { inherit version; hash = "sha256-+OzBu6VmdBNFfFKauVW/jGe0XbeZ0VkGYmFxnjKFgKA="; diff --git a/pkgs/by-name/ch/chart-testing/package.nix b/pkgs/by-name/ch/chart-testing/package.nix index 976e0c9c48fa..de3c2d68332a 100644 --- a/pkgs/by-name/ch/chart-testing/package.nix +++ b/pkgs/by-name/ch/chart-testing/package.nix @@ -14,16 +14,16 @@ buildGoModule rec { pname = "chart-testing"; - version = "3.13.0"; + version = "3.14.0"; src = fetchFromGitHub { owner = "helm"; repo = "chart-testing"; rev = "v${version}"; - hash = "sha256-59a86yR/TDAWGCsj3pbDjXJGMvyHYnjsnxzjWr61PuU="; + hash = "sha256-wdUUo19bFf3ov+Rd+JV6CtbH9TWGC73lWRrNLOfNGR8="; }; - vendorHash = "sha256-aVXISRthJxxvtrfC0DpewLHCiJPh4tO+SKl3Q9uP14k="; + vendorHash = "sha256-29rGyStJsnhJiO01DIFf/ROaYsXGg3YRJatdzC6A7JU="; postPatch = '' substituteInPlace pkg/config/config.go \ diff --git a/pkgs/by-name/ch/chicago95/package.nix b/pkgs/by-name/ch/chicago95/package.nix new file mode 100644 index 000000000000..d3a9e61289a7 --- /dev/null +++ b/pkgs/by-name/ch/chicago95/package.nix @@ -0,0 +1,51 @@ +{ + lib, + stdenvNoCC, + fetchFromGitHub, + gtk3, +}: + +stdenvNoCC.mkDerivation (finalAttrs: { + pname = "chicago95"; + version = "3.0.1"; + + src = fetchFromGitHub { + owner = "grassmunk"; + repo = "Chicago95"; + rev = "v${finalAttrs.version}"; + hash = "sha256-EHcDIct2VeTsjbQWnKB2kwSFNb97dxuydAu+i/VquBA="; + }; + + nativeBuildInputs = [ gtk3 ]; + + installPhase = '' + runHook preInstall + + mkdir -p $out/share/themes + mv Theme/Chicago95 $out/share/themes + + mkdir -p $out/share/icons + mv Icons/Chicago95 $out/share/icons + gtk-update-icon-cache $out/share/icons/Chicago95 + + mkdir -p $out/share/sddm/themes + tar -xzf KDE/SDDM/Chicago95.tar.gz -C "$out/share/sddm/themes/" + + mkdir -p $out/share/fonts + cp Fonts/vga_font/* $out/share/fonts + + runHook postInstall + ''; + + meta = { + description = "Windows 95 theme for GTK"; + homepage = "https://github.com/grassmunk/Chicago95"; + changelog = "https://github.com/grassmunk/Chicago95/releases/tag/v${finalAttrs.version}"; + license = with lib.licenses; [ + gpl3Plus + mit + ]; + platforms = lib.platforms.linux; + maintainers = with lib.maintainers; [ GabrielMaguire ]; + }; +}) diff --git a/pkgs/by-name/co/cosmic-initial-setup/package.nix b/pkgs/by-name/co/cosmic-initial-setup/package.nix index 252c3898567a..50d475808d86 100644 --- a/pkgs/by-name/co/cosmic-initial-setup/package.nix +++ b/pkgs/by-name/co/cosmic-initial-setup/package.nix @@ -16,6 +16,7 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "cosmic-initial-setup"; version = "1.0.0-beta.3"; + # nixpkgs-update: no auto update src = fetchFromGitHub { owner = "pop-os"; repo = "cosmic-initial-setup"; diff --git a/pkgs/by-name/cr/crosvm/package.nix b/pkgs/by-name/cr/crosvm/package.nix index 9bcb2f6a1069..0b3d9291048f 100644 --- a/pkgs/by-name/cr/crosvm/package.nix +++ b/pkgs/by-name/cr/crosvm/package.nix @@ -21,12 +21,12 @@ rustPlatform.buildRustPackage { pname = "crosvm"; - version = "0-unstable-2025-10-15"; + version = "0-unstable-2025-10-21"; src = fetchgit { url = "https://chromium.googlesource.com/chromiumos/platform/crosvm"; - rev = "b516534fef1658536e76cfcb958db424c1a764b5"; - hash = "sha256-FZu/eWEZ9j/gBL9mYFB29aT3MF95hjRS075pAmv8SjA="; + rev = "f6de423867b914a59d86c54d102831bccc7ed2c8"; + hash = "sha256-xTuu1tMoFuMcj2RqtGjyDbcFPh3bTCtWpr0fuND4aos="; fetchSubmodules = true; }; diff --git a/pkgs/by-name/cs/csxcad/package.nix b/pkgs/by-name/cs/csxcad/package.nix index 5482166b4d76..7ee94a9253da 100644 --- a/pkgs/by-name/cs/csxcad/package.nix +++ b/pkgs/by-name/cs/csxcad/package.nix @@ -2,6 +2,7 @@ lib, stdenv, fetchFromGitHub, + fetchpatch, cmake, fparser, tinyxml, @@ -13,18 +14,26 @@ mpfr, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "csxcad"; version = "0.6.3"; src = fetchFromGitHub { owner = "thliebig"; repo = "CSXCAD"; - rev = "v${version}"; + rev = "v${finalAttrs.version}"; sha256 = "sha256-SSV5ulx3rCJg99I/oOQbqe+gOSs+BfcCo6UkWHVhnSs="; }; - patches = [ ./searchPath.patch ]; + patches = [ + ./searchPath.patch + # ref. https://github.com/thliebig/CSXCAD/pull/62 merged upstream + (fetchpatch { + name = "update-cmake-minimum-required.patch"; + url = "https://github.com/thliebig/CSXCAD/commit/b8ea64e11320910109a49b6da5352e1a1a18a736.patch"; + hash = "sha256-mpQmpvrEDjOKgEAZ5laIIepG+PWqSr637tOY7FQst2s="; + }) + ]; buildInputs = [ cgal @@ -39,11 +48,11 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake ]; - meta = with lib; { + meta = { description = "C++ library to describe geometrical objects"; homepage = "https://github.com/thliebig/CSXCAD"; - license = licenses.lgpl3; - maintainers = with maintainers; [ matthuszagh ]; - platforms = platforms.linux; + license = lib.licenses.lgpl3; + maintainers = with lib.maintainers; [ matthuszagh ]; + platforms = lib.platforms.linux; }; -} +}) diff --git a/pkgs/by-name/do/doomretro/package.nix b/pkgs/by-name/do/doomretro/package.nix index c2b4a281da2a..51f8808963c1 100644 --- a/pkgs/by-name/do/doomretro/package.nix +++ b/pkgs/by-name/do/doomretro/package.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "doomretro"; - version = "5.7.2"; + version = "5.8"; src = fetchFromGitHub { owner = "bradharding"; repo = "doomretro"; rev = "v${finalAttrs.version}"; - hash = "sha256-ShzZMmUwPB8IHhaA/7U4CEE7qcEjxfQDXVZkAVuEgtw="; + hash = "sha256-UCLIQEeKNJ0qTZQdzybdBxt/6catf8y3lnWKsjg2Mf8="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/el/elasticmq-server-bin/package.nix b/pkgs/by-name/el/elasticmq-server-bin/package.nix index 6b1d2860f4bc..5490d46aced7 100644 --- a/pkgs/by-name/el/elasticmq-server-bin/package.nix +++ b/pkgs/by-name/el/elasticmq-server-bin/package.nix @@ -15,11 +15,11 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "elasticmq-server"; - version = "1.6.14"; + version = "1.6.15"; src = fetchurl { url = "https://s3-eu-west-1.amazonaws.com/softwaremill-public/elasticmq-server-${finalAttrs.version}.jar"; - sha256 = "sha256-HVllLHz6zutonaLFwgyQKYSZxfp5QMslxf/PlzGWyG4="; + sha256 = "sha256-alxRZFx+Ulk4KYnlIVOClajk2MmfnfUooku2dMJd7c4="; }; # don't do anything? diff --git a/pkgs/servers/etcd/README.md b/pkgs/by-name/et/etcd/README.md similarity index 100% rename from pkgs/servers/etcd/README.md rename to pkgs/by-name/et/etcd/README.md diff --git a/pkgs/by-name/et/etcd/package.nix b/pkgs/by-name/et/etcd/package.nix new file mode 100644 index 000000000000..1d70cbf0fd3b --- /dev/null +++ b/pkgs/by-name/et/etcd/package.nix @@ -0,0 +1,3 @@ +{ etcd_3_5 }: + +etcd_3_5 diff --git a/pkgs/by-name/et/etcd_3_4/package.nix b/pkgs/by-name/et/etcd_3_4/package.nix index 19e6a6c62411..ac404468b339 100644 --- a/pkgs/by-name/et/etcd_3_4/package.nix +++ b/pkgs/by-name/et/etcd_3_4/package.nix @@ -1,22 +1,23 @@ { lib, - buildGoModule, + buildGo124Module, fetchFromGitHub, + nixosTests, }: -buildGoModule rec { +buildGo124Module rec { pname = "etcd"; - version = "3.4.37"; + version = "3.4.38"; src = fetchFromGitHub { owner = "etcd-io"; repo = "etcd"; rev = "v${version}"; - hash = "sha256-PZ+8hlxSwayR1yvjHmStMDur9e1uc2s+YB8qdz+42mA="; + hash = "sha256-+fRmz52ZqQTL8JJmSsufoVJP/FGHez9LliEwGsoCE7s="; }; proxyVendor = true; - vendorHash = "sha256-VeB0A+freNwgETQMIokiOPWovGq1FANUexnzxVg2aRA="; + vendorHash = "sha256-CqeSRyWDw1nCKlAI46iJXT5XjI3elxufx87QIlHwp1w="; preBuild = '' go mod tidy @@ -36,6 +37,8 @@ buildGoModule rec { install -Dm755 bin/* bin/functional/cmd/* -t $out/bin ''; + passthru.tests = nixosTests.etcd."3_4"; + meta = { description = "Distributed reliable key-value store for the most critical data of a distributed system"; downloadPage = "https://github.com/etcd-io/etcd/"; diff --git a/pkgs/servers/etcd/3_5/default.nix b/pkgs/by-name/et/etcd_3_5/package.nix similarity index 95% rename from pkgs/servers/etcd/3_5/default.nix rename to pkgs/by-name/et/etcd_3_5/package.nix index 5ca80ba041c5..b5b67dc32c4b 100644 --- a/pkgs/servers/etcd/3_5/default.nix +++ b/pkgs/by-name/et/etcd_3_5/package.nix @@ -101,11 +101,7 @@ symlinkJoin { deps = { inherit etcdserver etcdutl etcdctl; }; - - tests = { - inherit (nixosTests) etcd etcd-cluster; - k3s = k3s.passthru.tests.etcd; - }; + tests = nixosTests.etcd."3_5"; updateScript = ./update.sh; }; diff --git a/pkgs/servers/etcd/3_5/update.sh b/pkgs/by-name/et/etcd_3_5/update.sh similarity index 95% rename from pkgs/servers/etcd/3_5/update.sh rename to pkgs/by-name/et/etcd_3_5/update.sh index dc428420cbc9..7cc2632205fb 100755 --- a/pkgs/servers/etcd/3_5/update.sh +++ b/pkgs/by-name/et/etcd_3_5/update.sh @@ -30,7 +30,7 @@ if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then ETCD_SRC_HASH=$(nix --extra-experimental-features nix-command hash to-sri --type sha256 $ETCD_SRC_HASH) setKV () { - sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "$ETCD_PATH/default.nix" + sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "$ETCD_PATH/package.nix" } setKV version $LATEST_VERSION @@ -63,7 +63,7 @@ if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then # `git` flag here is to be used by local maintainers to speed up the bump process if [ $# -eq 1 ] && [ "$1" = "git" ]; then git switch -c "package-$ETCD_PKG_NAME-$LATEST_VERSION" - git add "$ETCD_PATH"/default.nix + git add "$ETCD_PATH"/package.nix git commit -m "$ETCD_PKG_NAME: $OLD_VERSION -> $LATEST_VERSION Release: https://github.com/etcd-io/etcd/releases/tag/$LATEST_TAG" diff --git a/pkgs/by-name/et/etcd_3_6/package.nix b/pkgs/by-name/et/etcd_3_6/package.nix index c7f75ac9d091..49a2ad7f92c1 100644 --- a/pkgs/by-name/et/etcd_3_6/package.nix +++ b/pkgs/by-name/et/etcd_3_6/package.nix @@ -1,8 +1,7 @@ { applyPatches, - buildGoModule, + buildGo124Module, fetchFromGitHub, - fetchpatch, installShellFiles, k3s, lib, @@ -12,11 +11,11 @@ }: let - version = "3.6.4"; - etcdSrcHash = "sha256-otz+06cOD2MVnMZWKId1GN+MeZfnDbdudiYfVCKdzuo="; - etcdCtlVendorHash = "sha256-kTH+s/SY+xwo6kt6iPJ7XDhin0jPk0FBr0eOe/717bE="; - etcdUtlVendorHash = "sha256-P0yx9YMMD9vT7N6LOlo26EAOi+Dj33p3ZjAYEoaL19A="; - etcdServerVendorHash = "sha256-kgbCT1JxI98W89veCItB7ZfW4d9D3/Ip3tOuFKEX9v4="; + version = "3.6.5"; + etcdSrcHash = "sha256-d0Ujg9ynnnSW0PYYYrNEmPtLnYW2HcCl+zcVo8ACiS0="; + etcdCtlVendorHash = "sha256-5r3Q+AfWp23tzbYQoD1hXEzRttJrUUKQSpcEV3GIlOE="; + etcdUtlVendorHash = "sha256-funO7EEJs28w4sk4sHVA/KR1TiHumVKNs0Gn/xFl4ig="; + etcdServerVendorHash = "sha256-OtWpX5A+kyQej2bueTqmNf62oKmXGQzjexzXlK/XJms="; src = applyPatches { src = fetchFromGitHub { @@ -25,12 +24,6 @@ let tag = "v${version}"; hash = etcdSrcHash; }; - patches = [ - (fetchpatch { - url = "https://github.com/etcd-io/etcd/commit/31650ab0c8df43af05fc4c13b48ffee59271eec7.patch"; - hash = "sha256-Q94HOLFx2fnb61wMQsAUT4sIBXfxXqW9YEayukQXX18="; - }) - ]; }; env = { @@ -46,7 +39,7 @@ let platforms = lib.platforms.darwin ++ lib.platforms.linux; }; - etcdserver = buildGoModule { + etcdserver = buildGo124Module { pname = "etcdserver"; inherit @@ -73,7 +66,7 @@ let ldflags = [ "-X go.etcd.io/etcd/api/v3/version.GitSHA=GitNotFound" ]; }; - etcdutl = buildGoModule { + etcdutl = buildGo124Module { pname = "etcdutl"; inherit @@ -99,7 +92,7 @@ let ''; }; - etcdctl = buildGoModule { + etcdctl = buildGo124Module { pname = "etcdctl"; inherit @@ -132,11 +125,7 @@ symlinkJoin { deps = { inherit etcdserver etcdutl etcdctl; }; - # Fix-Me: Tests for etcd 3.6 needs work. - # tests = { - # inherit (nixosTests) etcd etcd-cluster; - # k3s = k3s.passthru.tests.etcd; - # }; + tests = nixosTests.etcd."3_6"; updateScript = ./update.sh; }; diff --git a/pkgs/by-name/et/etcd_3_6/update.sh b/pkgs/by-name/et/etcd_3_6/update.sh index 1330f88d9085..8bcc05d986ca 100755 --- a/pkgs/by-name/et/etcd_3_6/update.sh +++ b/pkgs/by-name/et/etcd_3_6/update.sh @@ -30,7 +30,7 @@ if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then ETCD_SRC_HASH=$(nix hash to-sri --type sha256 $ETCD_SRC_HASH) setKV () { - sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "$ETCD_PATH/default.nix" + sed -i "s|$1 = \".*\"|$1 = \"${2:-}\"|" "$ETCD_PATH/package.nix" } setKV version $LATEST_VERSION @@ -63,7 +63,7 @@ if [ ! "$OLD_VERSION" = "$LATEST_VERSION" ]; then # `git` flag here is to be used by local maintainers to speed up the bump process if [ $# -eq 1 ] && [ "$1" = "git" ]; then git switch -c "package-$ETCD_PKG_NAME-$LATEST_VERSION" - git add "$ETCD_PATH"/default.nix + git add "$ETCD_PATH"/package.nix git commit -m "$ETCD_PKG_NAME: $OLD_VERSION -> $LATEST_VERSION Release: https://github.com/etcd-io/etcd/releases/tag/$LATEST_TAG" diff --git a/pkgs/by-name/fp/fparser/package.nix b/pkgs/by-name/fp/fparser/package.nix index 69506dcb38dc..ba6b540bcbc2 100644 --- a/pkgs/by-name/fp/fparser/package.nix +++ b/pkgs/by-name/fp/fparser/package.nix @@ -7,22 +7,22 @@ stdenv.mkDerivation { pname = "fparser"; - version = "0-unstable-2015-09-25"; + version = "0-unstable-2025-06-23"; src = fetchFromGitHub { owner = "thliebig"; repo = "fparser"; - rev = "a59e1f51e32096bfe2a0a2640d5dffc7ae6ba37b"; - sha256 = "0wayml1mlyi922gp6am3fsidhzsilziksdn5kbnpcln01h8555ad"; + rev = "ee15c675514e53b37304179b4a91319d44ba9a85"; + hash = "sha256-YlkaJlZ60EAsaejdyaV7OK3zF7pnkhyr+PssuToFplA="; }; nativeBuildInputs = [ cmake ]; - meta = with lib; { + meta = { description = "C++ Library for Evaluating Mathematical Functions"; homepage = "https://github.com/thliebig/fparser"; - license = licenses.lgpl3; - maintainers = with maintainers; [ matthuszagh ]; - platforms = platforms.linux; + license = lib.licenses.lgpl3; + maintainers = with lib.maintainers; [ matthuszagh ]; + platforms = lib.platforms.linux; }; } diff --git a/pkgs/by-name/fz/fzf/package.nix b/pkgs/by-name/fz/fzf/package.nix index 69a42f183d84..988bf8ff2c83 100644 --- a/pkgs/by-name/fz/fzf/package.nix +++ b/pkgs/by-name/fz/fzf/package.nix @@ -12,13 +12,13 @@ buildGoModule rec { pname = "fzf"; - version = "0.66.0"; + version = "0.66.1"; src = fetchFromGitHub { owner = "junegunn"; repo = "fzf"; rev = "v${version}"; - hash = "sha256-4cspznuGPhTFSUM9yYvPoytX27CKenp/oAMqWpT5JrE="; + hash = "sha256-0dq4m5SGu37AGVUoFLgP40vjBTu6cYoUgB+ZhyfKi+M="; }; vendorHash = "sha256-uFXHoseFOxGIGPiWxWfDl339vUv855VHYgSs9rnDyuI="; diff --git a/pkgs/by-name/gr/grav/package.nix b/pkgs/by-name/gr/grav/package.nix index 89ea0e66bcca..97bba7bfb987 100644 --- a/pkgs/by-name/gr/grav/package.nix +++ b/pkgs/by-name/gr/grav/package.nix @@ -6,7 +6,7 @@ }: let - version = "1.7.50.2"; + version = "1.7.50.3"; in stdenvNoCC.mkDerivation { pname = "grav"; @@ -14,7 +14,7 @@ stdenvNoCC.mkDerivation { src = fetchzip { url = "https://github.com/getgrav/grav/releases/download/${version}/grav-admin-v${version}.zip"; - hash = "sha256-UaaROMdUNFX6gcbJnfRn9CopZ3nuIMD91CkHnujtnE4="; + hash = "sha256-W4JuW5NEko38AbLrLOGWYsRvehPV7+tX2Hq1tTZ22EY="; }; patches = [ diff --git a/pkgs/by-name/ht/httm/package.nix b/pkgs/by-name/ht/httm/package.nix index 855773eb8328..191c7d3db444 100644 --- a/pkgs/by-name/ht/httm/package.nix +++ b/pkgs/by-name/ht/httm/package.nix @@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec { pname = "httm"; - version = "0.48.6"; + version = "0.49.9"; src = fetchFromGitHub { owner = "kimono-koans"; repo = "httm"; rev = version; - hash = "sha256-A/4nf5DKGf8IjQvvNSJMONoRmEBul8/RS+e4OLU1VYQ="; + hash = "sha256-Y0WYgi/VdGjE70XZcJD7G+ONCSq2YXpX9/RyijPW3kc="; }; - cargoHash = "sha256-/iAeR0HmIaoSX03bvTypyvKWgjhfhAzc/ikpiCuXEcs="; + cargoHash = "sha256-CSwfwW5ChnvrtN+zl2DdAPHDJCL3RSQHlBT2xWt+KCc="; nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/by-name/ir/irpf/package.nix b/pkgs/by-name/ir/irpf/package.nix index cbeab7c8d75a..b732787210f1 100644 --- a/pkgs/by-name/ir/irpf/package.nix +++ b/pkgs/by-name/ir/irpf/package.nix @@ -13,7 +13,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { pname = "irpf"; - version = "2025-1.6"; + version = "2025-1.7"; # https://www.gov.br/receitafederal/pt-br/centrais-de-conteudo/download/pgd/dirpf # Para outros sistemas operacionais -> Multi @@ -23,7 +23,7 @@ stdenvNoCC.mkDerivation (finalAttrs: { in fetchzip { url = "https://downloadirpf.receita.fazenda.gov.br/irpf/${year}/irpf/arquivos/IRPF${finalAttrs.version}.zip"; - hash = "sha256-U2HweRi6acrmMT+9B1263mhGIn/84Z6JeqKP6XvTeXE="; + hash = "sha256-VLB/Ni+sZ0Xugh3v7vb4rqTlAZz3eHU33lbljCX3Yic="; }; passthru.updateScript = writeScript "update-irpf" '' diff --git a/pkgs/by-name/ke/keymapper/package.nix b/pkgs/by-name/ke/keymapper/package.nix index bda1cd85fd01..f3c5dfbfabda 100644 --- a/pkgs/by-name/ke/keymapper/package.nix +++ b/pkgs/by-name/ke/keymapper/package.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation (finalAttrs: { pname = "keymapper"; - version = "5.0.0"; + version = "5.1.0"; src = fetchFromGitHub { owner = "houmain"; repo = "keymapper"; tag = finalAttrs.version; - hash = "sha256-3cUfgOuZ3GKSKbUI2k/MwvSmHtqvqiUvqUem3Nh/YuQ="; + hash = "sha256-y1EVF3IwGzDy32ywo9LSzkQNki/HuKC40DySIme8nTc="; }; # all the following must be in nativeBuildInputs diff --git a/pkgs/by-name/ki/kide/package.nix b/pkgs/by-name/ki/kide/package.nix new file mode 100644 index 000000000000..ae5cdbde45d9 --- /dev/null +++ b/pkgs/by-name/ki/kide/package.nix @@ -0,0 +1,63 @@ +{ + lib, + stdenv, + rustPlatform, + fetchFromGitHub, + fetchNpmDeps, + cargo-tauri, + nodejs, + npmHooks, + pkg-config, + wrapGAppsHook4, + openssl, + webkitgtk_4_1, + nix-update-script, +}: +rustPlatform.buildRustPackage (finalAttrs: { + pname = "kide"; + version = "1.0.40"; + + src = fetchFromGitHub { + owner = "openobserve"; + repo = "kide"; + tag = "v${finalAttrs.version}"; + hash = "sha256-lRkFPS+hkACj3CxWde4B7phHUMh+2643Jgd0Wt3nUSo="; + }; + + cargoHash = "sha256-/PdUaSW7YMFDgMFqA+7ePNPraPhMSNqFaONIEFubtNc="; + + npmDeps = fetchNpmDeps { + inherit (finalAttrs) pname version src; + hash = "sha256-1BY2oEnpldl+m8hUg9bszAyR67M8ErbcNaNE676c9hU="; + }; + + nativeBuildInputs = [ + cargo-tauri.hook + nodejs + npmHooks.npmConfigHook + pkg-config + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ wrapGAppsHook4 ]; + + buildInputs = [ + openssl + ] + ++ lib.optionals stdenv.hostPlatform.isLinux [ + webkitgtk_4_1 + ]; + + cargoRoot = "src-tauri"; + buildAndTestSubdir = finalAttrs.cargoRoot; + + passthru.updateScript = nix-update-script { }; + + meta = { + description = "Fast and lightweight Kubernetes IDE"; + homepage = "https://github.com/openobserve/kide"; + changelog = "https://github.com/openobserve/kide/releases/tag/v${finalAttrs.version}"; + license = lib.licenses.asl20; + inherit (cargo-tauri.hook.meta) platforms; + maintainers = with lib.maintainers; [ nartsiss ]; + mainProgram = "kide"; + }; +}) diff --git a/pkgs/by-name/la/lact/package.nix b/pkgs/by-name/la/lact/package.nix index f54ef55f417b..6a0f2c0e2176 100644 --- a/pkgs/by-name/la/lact/package.nix +++ b/pkgs/by-name/la/lact/package.nix @@ -23,16 +23,16 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "lact"; - version = "0.8.1"; + version = "0.8.2"; src = fetchFromGitHub { owner = "ilya-zlobintsev"; repo = "LACT"; tag = "v${finalAttrs.version}"; - hash = "sha256-bgMQTiNeJR6zPTy/YpQ0oI1oGBzCf+VtBUn6pgADZAY="; + hash = "sha256-ZfUzsSdMLv6IaSbLkz9LBvdB4cS4oBE+R5toi9T7vR0="; }; - cargoHash = "sha256-VxyYnX6AW+AS4NOB1XZXi2Dyrf4rtJzKHXMYwgLY6pQ="; + cargoHash = "sha256-K1/D5vi88Wjcvu/KZOkVr4q2MdMHTkhtyV8k8bvcGwg="; nativeBuildInputs = [ pkg-config diff --git a/pkgs/by-name/ls/lsp-plugins/package.nix b/pkgs/by-name/ls/lsp-plugins/package.nix index 1874f7502232..5c5e0ecbd65b 100644 --- a/pkgs/by-name/ls/lsp-plugins/package.nix +++ b/pkgs/by-name/ls/lsp-plugins/package.nix @@ -21,7 +21,7 @@ in stdenv.mkDerivation (finalAttrs: { pname = "lsp-plugins"; - version = "1.2.23"; + version = "1.2.24"; outputs = [ "out" @@ -31,7 +31,7 @@ stdenv.mkDerivation (finalAttrs: { src = fetchurl { url = "https://github.com/lsp-plugins/lsp-plugins/releases/download/${finalAttrs.version}/lsp-plugins-src-${finalAttrs.version}.tar.gz"; - hash = "sha256-GxjSnDsEPiXbaJ9khSvgQZeVONxWf4WJilurHpSf14w="; + hash = "sha256-rDKf3PqRa+lLZcHGQNRXBGkcnhkMNdE9Jok4n3/btGM="; }; # By default, GStreamer plugins are installed right alongside GStreamer itself diff --git a/pkgs/by-name/lu/lune/package.nix b/pkgs/by-name/lu/lune/package.nix index df7bf3ce6753..d053e32bc244 100644 --- a/pkgs/by-name/lu/lune/package.nix +++ b/pkgs/by-name/lu/lune/package.nix @@ -7,17 +7,17 @@ }: rustPlatform.buildRustPackage rec { pname = "lune"; - version = "0.10.3"; + version = "0.10.4"; src = fetchFromGitHub { owner = "filiptibell"; repo = "lune"; tag = "v${version}"; - hash = "sha256-pWOGaVugfnwaA4alFP85ha+/iaN8x6KOVnx38vfFk78="; + hash = "sha256-AbviyCy2nn6WHC575JKl/t3bM/4Myb+Wx5/buTvB4MY="; fetchSubmodules = true; }; - cargoHash = "sha256-cq7Sgq9f2XpVTgEOMfR/G7sTqcWLwuJBgG9U+h4IMWQ="; + cargoHash = "sha256-QSQ+SsvLa7f9EVGi6i/SlpL8yWXVP47zkw4beDy5UIQ="; # error: linker `aarch64-linux-gnu-gcc` not found postPatch = '' diff --git a/pkgs/by-name/md/mdk-sdk/package.nix b/pkgs/by-name/md/mdk-sdk/package.nix index e5977fc5cda4..2530a5a7f7ca 100644 --- a/pkgs/by-name/md/mdk-sdk/package.nix +++ b/pkgs/by-name/md/mdk-sdk/package.nix @@ -33,11 +33,11 @@ let in stdenv.mkDerivation rec { pname = "mdk-sdk"; - version = "0.34.0"; + version = "0.35.0"; src = fetchurl { url = "https://github.com/wang-bin/mdk-sdk/releases/download/v${version}/mdk-sdk-linux.tar.xz"; - hash = "sha256-qt17xZKuZIWmD8ck1IrHXa5i5tKElTYmbGQvqJTtTsY="; + hash = "sha256-PKECwms/JGJYsYIvUWU0UBSLwlsYikYw3IGleWXlbtg="; }; nativeBuildInputs = [ autoPatchelfHook ]; diff --git a/pkgs/by-name/n8/n8n/package.nix b/pkgs/by-name/n8/n8n/package.nix index 382c583f0475..ad76b10d9ed7 100644 --- a/pkgs/by-name/n8/n8n/package.nix +++ b/pkgs/by-name/n8/n8n/package.nix @@ -17,19 +17,19 @@ stdenv.mkDerivation (finalAttrs: { pname = "n8n"; - version = "1.115.3"; + version = "1.116.2"; src = fetchFromGitHub { owner = "n8n-io"; repo = "n8n"; tag = "n8n@${finalAttrs.version}"; - hash = "sha256-9UDPckn+0xtwZcLaHCzhC4yKdDqjat0F4nHuxVdIRMA="; + hash = "sha256-pHrJ/l3L+asf0ZXcWVvOzzdoDYnAUvaR9GxB/m/jvzU="; }; pnpmDeps = pnpm_10.fetchDeps { inherit (finalAttrs) pname version src; fetcherVersion = 2; - hash = "sha256-mJJIdLtJ3E4eMub4szJA+40ZL4WkLNupwqvq3JnFxtk="; + hash = "sha256-uBnb781B84Rm9gbco7p5iDp18sfjbULbedaRIk7kaLE="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/ne/nextcloud-whiteboard-server/package.nix b/pkgs/by-name/ne/nextcloud-whiteboard-server/package.nix index a94f01778c3d..ae2a1842615a 100644 --- a/pkgs/by-name/ne/nextcloud-whiteboard-server/package.nix +++ b/pkgs/by-name/ne/nextcloud-whiteboard-server/package.nix @@ -8,16 +8,16 @@ }: buildNpmPackage rec { pname = "nextcloud-whiteboard-server"; - version = "1.1.3"; + version = "1.3.0"; src = fetchFromGitHub { owner = "nextcloud"; repo = "whiteboard"; tag = "v${version}"; - hash = "sha256-4qk6mAFz7bYWtrlqiVPiyWF4ub4Ks9RhS5oODlOYRvA="; + hash = "sha256-fk+BiQ6jM/SvBioz56WHIhWGErgroCvagQq6/vMWCyk="; }; - npmDepsHash = "sha256-WHSMK7s6vohphHoNh96yejdwXHBxdkQSpMMNiFS15E4="; + npmDepsHash = "sha256-x6ccAOq0yZ8DfZLIp2ZNpT8HMAjBr+e4gsEOUOskABs="; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/by-name/od/odhcp6c/package.nix b/pkgs/by-name/od/odhcp6c/package.nix index c156d412dbbd..fa6b0f113122 100644 --- a/pkgs/by-name/od/odhcp6c/package.nix +++ b/pkgs/by-name/od/odhcp6c/package.nix @@ -8,12 +8,12 @@ stdenv.mkDerivation { pname = "odhcp6c"; - version = "0-unstable-2025-10-17"; + version = "0-unstable-2025-10-21"; src = fetchgit { url = "https://git.openwrt.org/project/odhcp6c.git"; - rev = "d7afeea2b9650c64fcf915cbb3369577247b96ed"; - hash = "sha256-6L/yY8u5JBw1oywj2pg+0rW2397KBNAejrg5VKpYxLw="; + rev = "77e1ae21e67f81840024ffe5bb7cf69a8fb0d2f0"; + hash = "sha256-aOW0rOGd4YwnfXjsUj6HHy8zf0FJYFjsKMWJ5yhUl5g="; }; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/by-name/oh/oh-my-zsh/package.nix b/pkgs/by-name/oh/oh-my-zsh/package.nix index 352805263d4b..a26fdebf39b5 100644 --- a/pkgs/by-name/oh/oh-my-zsh/package.nix +++ b/pkgs/by-name/oh/oh-my-zsh/package.nix @@ -19,14 +19,14 @@ }: stdenv.mkDerivation rec { - version = "2025-10-15"; + version = "2025-10-23"; pname = "oh-my-zsh"; src = fetchFromGitHub { owner = "ohmyzsh"; repo = "ohmyzsh"; - rev = "d1c04d8a33f9127d03b69617c5367db5ceebc8a7"; - sha256 = "sha256-Nt/7UZJl+7Kw7trMByuyhjE7RnccgAzW1oNwKsIx3Jw="; + rev = "99017b8eac3d7d0e5ba01c7bf0cf9c6d38985536"; + sha256 = "sha256-/q9BRzRAzD5iepT2i0y72K4kPAZiJCPbX45boD2V7aU="; }; strictDeps = true; diff --git a/pkgs/by-name/op/openems/package.nix b/pkgs/by-name/op/openems/package.nix index 22e92e81fa35..d336bf62f538 100644 --- a/pkgs/by-name/op/openems/package.nix +++ b/pkgs/by-name/op/openems/package.nix @@ -2,6 +2,7 @@ stdenv, lib, fetchFromGitHub, + fetchpatch, csxcad, fparser, tinyxml, @@ -19,17 +20,32 @@ hyp2mat, }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "openems"; version = "0.0.36"; src = fetchFromGitHub { owner = "thliebig"; repo = "openEMS"; - rev = "v${version}"; + rev = "v${finalAttrs.version}"; sha256 = "sha256-wdH+Zw7G2ZigzBMX8p3GKdFVx/AhbTNL+P3w+YjI/dc="; }; + patches = [ + # ref. https://github.com/thliebig/openEMS/pull/183 merged upstream + (fetchpatch { + name = "update-cmake-minimum-required.patch"; + url = "https://github.com/thliebig/openEMS/commit/0fa7ba3aebc8ee531077973cfa136ead8e887872.patch"; + hash = "sha256-q/ax7MZHwqSKAjx22uyV13YO/TXZa4bwikoQyItMB7E="; + }) + # ref. https://github.com/thliebig/openEMS/pull/184 merged upstream + (fetchpatch { + name = "update-nf2ff-cmake-minimum-required.patch"; + url = "https://github.com/thliebig/openEMS/commit/e02e2a8414355482145240e4c2b2464d7a26dd9e.patch"; + hash = "sha256-y3pvim/8XUKF5k7shj0D+8P6tdfSZ3E/gxTogbRtxdo="; + }) + ]; + nativeBuildInputs = [ cmake ]; @@ -60,11 +76,11 @@ stdenv.mkDerivation rec { -o $out/share/openEMS/matlab/h5readatt_octave.oct ''; - meta = with lib; { + meta = { description = "Open Source Electromagnetic Field Solver"; homepage = "https://wiki.openems.de/index.php/Main_Page.html"; - license = licenses.gpl3; - maintainers = with maintainers; [ matthuszagh ]; - platforms = platforms.linux; + license = lib.licenses.gpl3; + maintainers = with lib.maintainers; [ matthuszagh ]; + platforms = lib.platforms.linux; }; -} +}) diff --git a/pkgs/by-name/ox/oxigraph/package.nix b/pkgs/by-name/ox/oxigraph/package.nix index fed65b4f3fc6..35e4fa2da880 100644 --- a/pkgs/by-name/ox/oxigraph/package.nix +++ b/pkgs/by-name/ox/oxigraph/package.nix @@ -13,17 +13,17 @@ let in rustPlatform.buildRustPackage (finalAttrs: { pname = "oxigraph"; - version = "0.5.1"; + version = "0.5.2"; src = fetchFromGitHub { owner = "oxigraph"; repo = "oxigraph"; tag = "v${finalAttrs.version}"; - hash = "sha256-58PGRQlDziVENgm7OKPAzXXi4BkOJqytGCxxIXB2smc="; + hash = "sha256-ptTrJbLGS7GkLGO40mbpdPkrcspaUE33kRZ8g9Qtb0o="; fetchSubmodules = true; }; - cargoHash = "sha256-GQ+7dyQ1LyYK8RYImsqVMEQvIC5pRQUVYYgO4FOShaE="; + cargoHash = "sha256-AuUGra9ejPRKWWpXWLmcwGuZRKIuCYTdifpnwuuHnnQ="; nativeBuildInputs = [ rustPlatform.bindgenHook diff --git a/pkgs/by-name/pa/pantheon-tweaks/package.nix b/pkgs/by-name/pa/pantheon-tweaks/package.nix index b18666199594..f2b8bdc485b8 100644 --- a/pkgs/by-name/pa/pantheon-tweaks/package.nix +++ b/pkgs/by-name/pa/pantheon-tweaks/package.nix @@ -17,13 +17,13 @@ stdenv.mkDerivation rec { pname = "pantheon-tweaks"; - version = "2.4.0"; + version = "2.5.0"; src = fetchFromGitHub { owner = "pantheon-tweaks"; repo = "pantheon-tweaks"; rev = version; - hash = "sha256-/fHhVErLIQMSRkri6vqc11yZr0YaLeQTUh986If8mVg="; + hash = "sha256-cCrHGOo7dZc28hbZD6Zv8Dw4Ks5JTDsm6A6nkmpUAxk="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/pr/protoc-gen-connect-go/package.nix b/pkgs/by-name/pr/protoc-gen-connect-go/package.nix index 168ac172cfc1..d3697ac75b90 100644 --- a/pkgs/by-name/pr/protoc-gen-connect-go/package.nix +++ b/pkgs/by-name/pr/protoc-gen-connect-go/package.nix @@ -4,15 +4,15 @@ fetchFromGitHub, }: -buildGoModule rec { +buildGoModule (finalAttrs: { pname = "protoc-gen-connect-go"; - version = "1.19.0"; + version = "1.19.1"; src = fetchFromGitHub { owner = "connectrpc"; repo = "connect-go"; - tag = "v${version}"; - hash = "sha256-pxG2f54m01tC9YhpN9zQ8M5KiP4gyt019klqnBPHHrw="; + tag = "v${finalAttrs.version}"; + hash = "sha256-VW7FHZk7FAux2Jn03gGm9gdkjCzvofC/ukXOWaplWBo="; }; vendorHash = "sha256-oAcAE9t4mz0HrkqO8lh5Ex2nakKj5FKy2lKTP8X/9Gg="; @@ -26,15 +26,27 @@ buildGoModule rec { unset subPackages ''; + checkFlags = + let + skippedTests = [ + # other tests work, could be related to sandboxing or timings + # got: unavailable + # want: deadline_exceeded + # client_ext_test.go:789: actual receive error from /connect.ping.v1.PingService/Sum: unavailable: io: read/write on closed pipe + "TestClientDeadlineHandling/read-write" + ]; + in + [ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ]; + meta = { description = "Simple, reliable, interoperable, better gRPC"; mainProgram = "protoc-gen-connect-go"; homepage = "https://github.com/connectrpc/connect-go"; - changelog = "https://github.com/connectrpc/connect-go/releases/tag/v${version}"; + changelog = "https://github.com/connectrpc/connect-go/releases/tag/${finalAttrs.src.tag}"; license = lib.licenses.asl20; maintainers = with lib.maintainers; [ kilimnik jk ]; }; -} +}) diff --git a/pkgs/by-name/qc/qcsxcad/package.nix b/pkgs/by-name/qc/qcsxcad/package.nix index 8d8b0fc4dfcc..00035bb2c64a 100644 --- a/pkgs/by-name/qc/qcsxcad/package.nix +++ b/pkgs/by-name/qc/qcsxcad/package.nix @@ -2,6 +2,7 @@ lib, stdenv, fetchFromGitHub, + fetchpatch, cmake, csxcad, tinyxml, @@ -20,6 +21,20 @@ stdenv.mkDerivation (finalAttrs: { hash = "sha256-bX6e3ugHJynU9tP70BV8TadnoGg1VO7SAYJueMkMAyo="; }; + patches = [ + # ref. https://github.com/thliebig/QCSXCAD/pull/18 merged upstream + (fetchpatch { + name = "fix-cmake-40-issues.patch"; + url = "https://github.com/thliebig/QCSXCAD/commit/200c9c211ee1401d6dce2bcbf2543089cdc67208.patch"; + hash = "sha256-OVihvjBRTQ87l0bBq2J8aWC7WdFCPqy5CtU4S5a11Xw="; + }) + (fetchpatch { + name = "update-cmake-minimum-required.patch"; + url = "https://github.com/thliebig/QCSXCAD/commit/64a4bdc13511690499756e6602076c1e70cf4ee7.patch"; + hash = "sha256-rzVj9YdAJVxhTatTO5MxZJInb1RB0qqmPFAkI2nxpQ0="; + }) + ]; + outputs = [ "out" "dev" diff --git a/pkgs/by-name/qm/qmmp/package.nix b/pkgs/by-name/qm/qmmp/package.nix index 0006efa17170..e8484a125b40 100644 --- a/pkgs/by-name/qm/qmmp/package.nix +++ b/pkgs/by-name/qm/qmmp/package.nix @@ -52,13 +52,13 @@ # Qmmp installs working .desktop file(s) all by itself, so we don't need to # handle that. -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "qmmp"; - version = "2.2.8"; + version = "2.3.0"; src = fetchurl { - url = "https://qmmp.ylsoftware.com/files/qmmp/2.2/${pname}-${version}.tar.bz2"; - hash = "sha256-cwqXoGOkmOs32p4vgZjf5XBpPmpsfyshDVgb2H27k4o="; + url = "https://qmmp.ylsoftware.com/files/qmmp/2.3/qmmp-${finalAttrs.version}.tar.bz2"; + hash = "sha256-AcPjA2fIhReM0RVZTSD2lKR6NS/X5l/PVyLhKsgzMGM="; }; nativeBuildInputs = [ @@ -107,12 +107,12 @@ stdenv.mkDerivation rec { libsamplerate ]; - meta = with lib; { + meta = { description = "Qt-based audio player that looks like Winamp"; mainProgram = "qmmp"; homepage = "https://qmmp.ylsoftware.com/"; - license = licenses.gpl2Plus; - platforms = platforms.linux; - maintainers = [ maintainers.bjornfor ]; + license = lib.licenses.gpl2Plus; + platforms = lib.platforms.linux; + maintainers = [ lib.maintainers.bjornfor ]; }; -} +}) diff --git a/pkgs/by-name/qu/quarkus/package.nix b/pkgs/by-name/qu/quarkus/package.nix index b86793c4208e..7ca69a5dbdf0 100644 --- a/pkgs/by-name/qu/quarkus/package.nix +++ b/pkgs/by-name/qu/quarkus/package.nix @@ -8,11 +8,11 @@ stdenv.mkDerivation (finalAttrs: { pname = "quarkus-cli"; - version = "3.28.3"; + version = "3.28.5"; src = fetchurl { url = "https://github.com/quarkusio/quarkus/releases/download/${finalAttrs.version}/quarkus-cli-${finalAttrs.version}.tar.gz"; - hash = "sha256-ulB6jy3J1vKe1rO17p8Vw0V8C/sDcXYcuu6b2e3L6Ps="; + hash = "sha256-uXDZIFqH+PgI0MSZb3SYFpQm2XMFdXBdPZrjb7DT1Bg="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/by-name/qu/quba/package.nix b/pkgs/by-name/qu/quba/package.nix index 18e95f6bc801..0b3cf029a91b 100644 --- a/pkgs/by-name/qu/quba/package.nix +++ b/pkgs/by-name/qu/quba/package.nix @@ -4,11 +4,20 @@ appimageTools, fetchurl, _7zz, + writeShellScript, + nix-update, + common-updater-scripts, }: let pname = "quba"; - version = "1.4.2"; + version = "1.5.0"; + + passthru.updateScript = writeShellScript "update-quiet" '' + ${lib.getExe nix-update} --system=x86_64-linux quba + hash=$(nix hash convert --to sri --hash-algo sha256 $(nix-prefetch-url $(nix eval --raw --file . quba.src.url --system aarch64-darwin))) + ${lib.getExe' common-updater-scripts "update-source-version"} quba $(nix eval --raw --file . quba.version) $hash --system=aarch64-darwin --ignore-same-version + ''; meta = { description = "Viewer for electronic invoices"; @@ -22,16 +31,17 @@ let src = fetchurl { url = "https://github.com/ZUGFeRD/quba-viewer/releases/download/v${version}/Quba-${version}.AppImage"; - hash = "sha256-3goMWN5GeQaLJimUKbjozJY/zJmqc9Mvy2+6bVSt1p0="; + hash = "sha256-xB1r8DNFOFQQx+MeGC1mWhf7PuMavM7DyYRBlEjAZ8k="; }; - appimageContents = appimageTools.extractType1 { inherit pname version src; }; + appimageContents = appimageTools.extractType2 { inherit pname version src; }; - linux = appimageTools.wrapType1 { + linux = appimageTools.wrapType2 { inherit pname version src + passthru meta ; @@ -44,11 +54,16 @@ let }; darwin = stdenvNoCC.mkDerivation { - inherit pname version meta; + inherit + pname + version + passthru + meta + ; src = fetchurl { url = "https://github.com/ZUGFeRD/quba-viewer/releases/download/v${version}/Quba-${version}-universal.dmg"; - hash = "sha256-q7va2D9AT0BoPhfkub/RFQxGyF12uFaCDpSYIxslqMc="; + hash = "sha256-niuU1zkxNRmCYxzto3g6i6Z3k5KCAgVIVQMgOLZJnSE="; }; unpackCmd = "7zz x -bd -osource -xr'!*/Applications' -xr'!*com.apple.provenance' $curSrc"; diff --git a/pkgs/by-name/ro/rofi-calc/package.nix b/pkgs/by-name/ro/rofi-calc/package.nix index f6369c1c77b0..be8e7838038c 100644 --- a/pkgs/by-name/ro/rofi-calc/package.nix +++ b/pkgs/by-name/ro/rofi-calc/package.nix @@ -15,13 +15,13 @@ stdenv.mkDerivation rec { pname = "rofi-calc"; - version = "2.4.1"; + version = "2.5.0"; src = fetchFromGitHub { owner = "svenstaro"; repo = "rofi-calc"; rev = "v${version}"; - sha256 = "sha256-E0C5hlrZGRGHT/yb4J2qFquf3AuB0T1zqbFPZdT1UxE="; + sha256 = "sha256-/UKOyJfCsV/+kZDndHZmrPdE2MjVlQWSiWQRIUPGz/I="; }; nativeBuildInputs = [ diff --git a/pkgs/by-name/se/serie/package.nix b/pkgs/by-name/se/serie/package.nix index 70da4c34d9c5..ab0a72d1c9b0 100644 --- a/pkgs/by-name/se/serie/package.nix +++ b/pkgs/by-name/se/serie/package.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "serie"; - version = "0.5.2"; + version = "0.5.3"; src = fetchFromGitHub { owner = "lusingander"; repo = "serie"; rev = "v${version}"; - hash = "sha256-b2Ys49561nBn+U8pDQHewrxd351PLGIQr0qK51eYuCk="; + hash = "sha256-HzAgPCAHOdxXPwPWPPU9VaNrVJL42TlbYMD/n7AeOH8="; }; - cargoHash = "sha256-KhLDaEPC5CIApMbxoGkO58QJ3bGkDlEjGJzdFa8UZKw="; + cargoHash = "sha256-dRR3Zr2QM1yDDxiKqugwMtz5f5ted0oHSdR47XUTQUc="; nativeCheckInputs = [ gitMinimal ]; diff --git a/pkgs/by-name/so/solfege/package.nix b/pkgs/by-name/so/solfege/package.nix index d3c8d113f75c..6098a00ac197 100644 --- a/pkgs/by-name/so/solfege/package.nix +++ b/pkgs/by-name/so/solfege/package.nix @@ -4,16 +4,21 @@ autoconf, automake, csound, + docbook-xsl-ns, fetchurl, gdk-pixbuf, gettext, + ghostscript, + gnome-doc-utils, gobject-introspection, gtk3, librsvg, + libxslt, lilypond, mpg123, pkg-config, python3Packages, + swig, texinfo, timidity, txt2man, @@ -46,10 +51,16 @@ python3Packages.buildPythonApplication rec { nativeBuildInputs = [ autoconf automake + docbook-xsl-ns gdk-pixbuf gettext + ghostscript + gnome-doc-utils gobject-introspection + libxslt + lilypond pkg-config + swig texinfo txt2man wrapGAppsHook3 @@ -65,6 +76,10 @@ python3Packages.buildPythonApplication rec { pygobject3 ]; + configureFlags = [ + "--enable-docbook-stylesheet=${docbook-xsl-ns}/share/xml/docbook-xsl-ns/html/chunk.xsl" + ]; + preBuild = '' sed -i -e 's|wav_player=.*|wav_player=${alsa-utils}/bin/aplay|' \ -e 's|midi_player=.*|midi_player=${timidity}/bin/timidity|' \ @@ -75,6 +90,10 @@ python3Packages.buildPythonApplication rec { default.config ''; + postBuild = '' + make help/C/index.html + ''; + dontWrapGApps = true; preFixup = '' diff --git a/pkgs/by-name/st/static-web-server/package.nix b/pkgs/by-name/st/static-web-server/package.nix index a63834f958fc..75ee43e817b3 100644 --- a/pkgs/by-name/st/static-web-server/package.nix +++ b/pkgs/by-name/st/static-web-server/package.nix @@ -7,16 +7,16 @@ rustPlatform.buildRustPackage rec { pname = "static-web-server"; - version = "2.38.1"; + version = "2.39.0"; src = fetchFromGitHub { owner = "static-web-server"; repo = "static-web-server"; rev = "v${version}"; - hash = "sha256-fcD1jd9kwm/jCYdvNGEnanLO/wUKeYy5OqOeQE2lGP4="; + hash = "sha256-iprQlSHO+ac7v1odVoS/9IU+Zov8/xh1l9pm1PJE8fs="; }; - cargoHash = "sha256-rfhRMQb7MX2722wcMk35qATav6WFFULy3Ix3WcC7r4M="; + cargoHash = "sha256-rNrGlgUvPezX7RnKhprRjl9DiJ/Crt4phmxnfY9tNXA="; # Some tests rely on timestamps newer than 18 Nov 1974 00:00:00 preCheck = '' diff --git a/pkgs/by-name/su/sunvox/package.nix b/pkgs/by-name/su/sunvox/package.nix index 41d80a042a91..4afee56add8f 100644 --- a/pkgs/by-name/su/sunvox/package.nix +++ b/pkgs/by-name/su/sunvox/package.nix @@ -4,14 +4,15 @@ fetchzip, alsa-lib, autoPatchelfHook, + copyDesktopItems, libglvnd, libjack2, libX11, libXi, + makeDesktopItem, makeWrapper, SDL2, }: - let platforms = { "x86_64-linux" = "linux_x86_64"; @@ -41,6 +42,7 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = lib.optionals stdenv.hostPlatform.isLinux [ autoPatchelfHook + copyDesktopItems ] ++ lib.optionals stdenv.hostPlatform.isDarwin [ makeWrapper @@ -58,6 +60,21 @@ stdenv.mkDerivation (finalAttrs: { libjack2 ]; + desktopItems = lib.optionals stdenv.hostPlatform.isLinux [ + (makeDesktopItem { + name = "sunvox"; + exec = "sunvox"; + desktopName = "SunVox"; + genericName = "Modular Synthesizer"; + comment = "Modular synthesizer with pattern-based sequencer"; + categories = [ + "AudioVideo" + "Audio" + "Midi" + ]; + }) + ]; + dontConfigure = true; dontBuild = true; diff --git a/pkgs/by-name/ug/ugrep/package.nix b/pkgs/by-name/ug/ugrep/package.nix index 5765e0898b09..14880464bb59 100644 --- a/pkgs/by-name/ug/ugrep/package.nix +++ b/pkgs/by-name/ug/ugrep/package.nix @@ -13,6 +13,28 @@ xz, zlib, zstd, + # The `ugrep+` and `ug+` commands are the same as the + # `ugrep` and `ug` commands, but also use filters to + # search PDFs, documents, e-books, image metadata, + # when these filter tools are present: + poppler-utils, # Provides `pdftotext`. + antiword, + pandoc, + exiftool, + # Alleviates the need for users to pollute their + # environment with these packages, but grows the + # closure size massively; hence this is opt-in. + wrapWithFilterUtils ? false, + # `ugrep` has a compatibility mode for the `gnugrep` + # variants. When `$0` is one of the variants, `ugrep` + # behaves like it to be drop-in compatible. This can + # be done simply through symlinks, just like is done + # with `coreutils`. These will of course shadow the + # `pkgs.gnugrep` binaries in `system-path`. + createGrepReplacementLinks ? false, + # All we need is its `meta.priority` to ensure `ugrep` + # beats it. + gnugrep, }: stdenv.mkDerivation (finalAttrs: { @@ -41,8 +63,39 @@ stdenv.mkDerivation (finalAttrs: { ]; postFixup = '' + # Needed because `ug+` and `ugrep+` are + # just scripts that call `ug` or `ugrep` + # with certain arguments. They must be + # reachable. for i in ug+ ugrep+; do - wrapProgram "$out/bin/$i" --prefix PATH : "$out/bin" + wrapProgram "$out/bin/$i" --prefix PATH : "${ + lib.makeBinPath ( + [ "$out" ] + ++ (lib.optionals wrapWithFilterUtils [ + poppler-utils + antiword + pandoc + exiftool + ]) + ) + }" + done + '' + + lib.optionalString createGrepReplacementLinks '' + # These will be made relative by the + # `_makeSymlinksRelativeInAllOutputs` + # `postFixupHook`. + for i in ${ + lib.concatStringsSep " " [ + "grep" + "egrep" + "fgrep" + "zgrep" + "zegrep" + "zfgrep" + ] + }; do + ln -s "$out/bin/ugrep" "$out/bin/$i" done ''; @@ -52,16 +105,23 @@ stdenv.mkDerivation (finalAttrs: { }; }; - meta = with lib; { - description = "Ultra fast grep with interactive query UI"; - homepage = "https://github.com/Genivia/ugrep"; - changelog = "https://github.com/Genivia/ugrep/releases/tag/v${finalAttrs.version}"; - maintainers = with maintainers; [ - numkem - mikaelfangel - ]; - license = licenses.bsd3; - platforms = platforms.all; - mainProgram = "ug"; - }; + meta = + with lib; + { + description = "Ultra fast grep with interactive query UI"; + homepage = "https://github.com/Genivia/ugrep"; + changelog = "https://github.com/Genivia/ugrep/releases/tag/v${finalAttrs.version}"; + maintainers = with maintainers; [ + numkem + mikaelfangel + ]; + license = licenses.bsd3; + platforms = platforms.all; + mainProgram = "ug"; + } + # Needed to ensure that the grep replacements take precedence over + # `gnugrep` when installed. Lower priority values win. + // lib.optionalAttrs createGrepReplacementLinks { + priority = (gnugrep.meta.priority or meta.defaultPriority) - 1; + }; }) diff --git a/pkgs/by-name/uw/uwsgi/package.nix b/pkgs/by-name/uw/uwsgi/package.nix index 6886ba53cae8..61d4fa0a49d9 100644 --- a/pkgs/by-name/uw/uwsgi/package.nix +++ b/pkgs/by-name/uw/uwsgi/package.nix @@ -81,13 +81,13 @@ in stdenv.mkDerivation (finalAttrs: { pname = "uwsgi"; - version = "2.0.30"; + version = "2.0.31"; src = fetchFromGitHub { owner = "unbit"; repo = "uwsgi"; tag = finalAttrs.version; - hash = "sha256-I03AshxZyxrRmtYUH1Q+B6ISykjYRMGG+ZQSHRS7vDs="; + hash = "sha256-WWZ+ClLWoUFi64xsiyuLXcxQsYdOv1DVhG+4oVYJJMI="; }; patches = [ diff --git a/pkgs/by-name/wa/way-displays/package.nix b/pkgs/by-name/wa/way-displays/package.nix index c22df9c1a546..74570b6959e4 100644 --- a/pkgs/by-name/wa/way-displays/package.nix +++ b/pkgs/by-name/wa/way-displays/package.nix @@ -11,13 +11,13 @@ stdenv.mkDerivation rec { pname = "way-displays"; - version = "1.14.1"; + version = "1.15.0"; src = fetchFromGitHub { owner = "alex-courtis"; repo = "way-displays"; rev = version; - sha256 = "sha256-IW9LolTZaPn2W8IZ166RebQRIug0CyFz/Prgr34wNwM="; + sha256 = "sha256-M1d6o4mODnFNInSt0GL1aCUcRU9VBVhHFQuwTrw6zY4="; }; strictDeps = true; diff --git a/pkgs/by-name/we/weblate/package.nix b/pkgs/by-name/we/weblate/package.nix index a84ece94bd64..8a34ea867162 100644 --- a/pkgs/by-name/we/weblate/package.nix +++ b/pkgs/by-name/we/weblate/package.nix @@ -16,18 +16,13 @@ let python = python3.override { packageOverrides = final: prev: { - # https://github.com/django-crispy-forms/crispy-bootstrap3/issues/12 - django = prev.django_5_1; - djangorestframework = prev.djangorestframework.overridePythonAttrs (old: { - # https://github.com/encode/django-rest-framework/discussions/9342 - disabledTests = (old.disabledTests or [ ]) ++ [ "test_invalid_inputs" ]; - }); + django = prev.django_5_2; }; }; in python.pkgs.buildPythonApplication rec { pname = "weblate"; - version = "5.13.3"; + version = "5.14"; pyproject = true; @@ -40,7 +35,7 @@ python.pkgs.buildPythonApplication rec { owner = "WeblateOrg"; repo = "weblate"; tag = "weblate-${version}"; - hash = "sha256-PM5h9RqCMdt0FODE7MoCWv9I+RMFTgjDmSrid59cHOA="; + hash = "sha256-XIaVM9bsgv6qJ1Q/6wzfO7D04WsUEkxNnJlyLd5+bY4="; }; build-system = with python.pkgs; [ setuptools ]; @@ -68,7 +63,7 @@ python.pkgs.buildPythonApplication rec { ''; pythonRelaxDeps = [ - "rapidfuzz" + "certifi" ]; dependencies = diff --git a/pkgs/by-name/ya/yatto/package.nix b/pkgs/by-name/ya/yatto/package.nix index 4ce3cba28c97..496e8aa4df98 100644 --- a/pkgs/by-name/ya/yatto/package.nix +++ b/pkgs/by-name/ya/yatto/package.nix @@ -5,16 +5,16 @@ }: buildGoModule (finalAttrs: { pname = "yatto"; - version = "0.18.1"; + version = "0.20.1"; src = fetchFromGitHub { owner = "handlebargh"; repo = "yatto"; tag = "v${finalAttrs.version}"; - hash = "sha256-GI/Q9lI6SqIOSYi5shMKlgegS8WdlWSFsPs7WLCB6Qg="; + hash = "sha256-ZIGtRPy2DfMzCK0WHJcv75d2oeHd2Sh3twrV6G/m5SI="; }; - vendorHash = "sha256-BqOuZUtyA7a8imzj3Oj1SUZ4k3kNjDYWiPlQRG9I0m8="; + vendorHash = "sha256-e+xv1mr8F3ODSsk67shJ+vI3isWcN3vaaqElUoDnvs0="; ldflags = [ "-s" diff --git a/pkgs/by-name/zo/zoekt/package.nix b/pkgs/by-name/zo/zoekt/package.nix index d186ea9f002f..e5412d1ce914 100644 --- a/pkgs/by-name/zo/zoekt/package.nix +++ b/pkgs/by-name/zo/zoekt/package.nix @@ -8,13 +8,13 @@ buildGoModule { pname = "zoekt"; - version = "3.7.2-2-unstable-2025-09-02"; + version = "3.7.2-2-unstable-2025-10-16"; src = fetchFromGitHub { owner = "sourcegraph"; repo = "zoekt"; - rev = "4e4a529c3b63c7d4c7897ba736f1cd52cc163134"; - hash = "sha256-aRQQAG0qZOrkdbQoQRXeddhMmQaB+/ESD6Ba+q4UIlI="; + rev = "90faf6de70e39db5fb48839eabfba6c8add008f0"; + hash = "sha256-nULqnTms5Jw8gE8VcUzRGJaJqyavXyABU8SyTg8fCtE="; }; vendorHash = "sha256-urXYBv8+C2jwnr5PjXz7nUyX/Gz4wmtS76UTXFqfQFk="; diff --git a/pkgs/by-name/zs/zsh-autosuggestions/package.nix b/pkgs/by-name/zs/zsh-autosuggestions/package.nix index 9afe6b870916..1710b482d7b8 100644 --- a/pkgs/by-name/zs/zsh-autosuggestions/package.nix +++ b/pkgs/by-name/zs/zsh-autosuggestions/package.nix @@ -20,8 +20,12 @@ stdenv.mkDerivation rec { strictDeps = true; installPhase = '' + install -D zsh-autosuggestions.plugin.zsh \ + $out/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.plugin.zsh install -D zsh-autosuggestions.zsh \ - $out/share/zsh-autosuggestions/zsh-autosuggestions.zsh + $out/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh + ln -s $out/share/zsh/plugins/zsh-autosuggestions \ + $out/share/zsh-autosuggestions ''; meta = with lib; { diff --git a/pkgs/by-name/zs/zsh-bd/package.nix b/pkgs/by-name/zs/zsh-bd/package.nix index 843ffc135ca5..24d1d8c390c0 100644 --- a/pkgs/by-name/zs/zsh-bd/package.nix +++ b/pkgs/by-name/zs/zsh-bd/package.nix @@ -19,10 +19,16 @@ stdenv.mkDerivation { dontBuild = true; installPhase = '' - mkdir -p $out/share/zsh-bd - cp {.,$out/share/zsh-bd}/bd.zsh - cd $out/share/zsh-bd - ln -s bd{,.plugin}.zsh + runHook preInstall + + install -D bd.zsh \ + $out/share/plugins/zsh-bd/bd.zsh + ln -s $out/share/plugins/zsh-bd/bd.zsh \ + $out/share/plugins/zsh-bd/bd.plugin.zsh + ln -s $out/share/plugins/zsh-bd \ + $out/share/zsh-bd + + runHook postInstall ''; meta = { diff --git a/pkgs/by-name/zs/zsh-fast-syntax-highlighting/package.nix b/pkgs/by-name/zs/zsh-fast-syntax-highlighting/package.nix index d3b6129e4592..d7cbdab2ef1c 100644 --- a/pkgs/by-name/zs/zsh-fast-syntax-highlighting/package.nix +++ b/pkgs/by-name/zs/zsh-fast-syntax-highlighting/package.nix @@ -20,7 +20,7 @@ stdenvNoCC.mkDerivation rec { dontBuild = true; installPhase = '' - plugindir="$out/share/zsh/site-functions" + plugindir="$out/share/zsh/plugins/fast-syntax-highlighting" mkdir -p "$plugindir" cp -r -- {,_,-,.}fast-* *chroma themes "$plugindir"/ diff --git a/pkgs/by-name/zs/zsh-history-substring-search/package.nix b/pkgs/by-name/zs/zsh-history-substring-search/package.nix index e291025f6ee1..61af2fec16ac 100644 --- a/pkgs/by-name/zs/zsh-history-substring-search/package.nix +++ b/pkgs/by-name/zs/zsh-history-substring-search/package.nix @@ -17,8 +17,12 @@ stdenv.mkDerivation rec { strictDeps = true; installPhase = '' + install -D zsh-history-substring-search.plugin.zsh \ + "$out/share/zsh/plugins/zsh-history-substring-search/zsh-history-substring-search.plugin.zsh" install -D zsh-history-substring-search.zsh \ - "$out/share/zsh-history-substring-search/zsh-history-substring-search.zsh" + "$out/share/zsh/plugins/zsh-history-substring-search/zsh-history-substring-search.zsh" + ln -s $out/share/zsh/plugins/zsh-history-substring-search \ + $out/share/zsh-history-substring-search ''; meta = with lib; { diff --git a/pkgs/by-name/zs/zsh-nix-shell/package.nix b/pkgs/by-name/zs/zsh-nix-shell/package.nix index 75bf5db1c4e5..48d4c6497796 100644 --- a/pkgs/by-name/zs/zsh-nix-shell/package.nix +++ b/pkgs/by-name/zs/zsh-nix-shell/package.nix @@ -22,8 +22,9 @@ stdenv.mkDerivation rec { strictDeps = true; buildInputs = [ bash ]; installPhase = '' - install -D nix-shell.plugin.zsh --target-directory=$out/share/zsh-nix-shell - install -D scripts/* --target-directory=$out/share/zsh-nix-shell/scripts + install -D nix-shell.plugin.zsh --target-directory=$out/share/zsh/plugins/zsh-nix-shell + install -D scripts/* --target-directory=$out/share/zsh/plugins/zsh-nix-shell/scripts + ln -s $out/share/zsh/plugins/zsh-nix-shell $out/share/zsh-nix-shell ''; meta = with lib; { diff --git a/pkgs/by-name/zs/zsh-powerlevel10k/package.nix b/pkgs/by-name/zs/zsh-powerlevel10k/package.nix index 2435105d33d0..cbc33168774e 100644 --- a/pkgs/by-name/zs/zsh-powerlevel10k/package.nix +++ b/pkgs/by-name/zs/zsh-powerlevel10k/package.nix @@ -32,11 +32,12 @@ stdenv.mkDerivation (finalAttrs: { installPhase = '' runHook preInstall - install -D powerlevel10k.zsh-theme --target-directory=$out/share/zsh-powerlevel10k - install -D powerlevel9k.zsh-theme --target-directory=$out/share/zsh-powerlevel10k - install -D config/* --target-directory=$out/share/zsh-powerlevel10k/config - install -D internal/* --target-directory=$out/share/zsh-powerlevel10k/internal - cp -R gitstatus $out/share/zsh-powerlevel10k/gitstatus + install -D powerlevel10k.zsh-theme --target-directory=$out/share/zsh/themes/powerlevel10k + install -D powerlevel9k.zsh-theme --target-directory=$out/share/zsh/themes/powerlevel10k + install -D config/* --target-directory=$out/share/zsh/themes/powerlevel10k/config + install -D internal/* --target-directory=$out/share/zsh/themes/powerlevel10k/internal + cp -R gitstatus $out/share/zsh/themes/powerlevel10k/gitstatus + ln -s $out/share/zsh/themes/powerlevel10k $out/share/zsh-powerlevel10k runHook postInstall ''; diff --git a/pkgs/by-name/zs/zsh-powerlevel9k/package.nix b/pkgs/by-name/zs/zsh-powerlevel9k/package.nix index a9ec9e8d1a00..e66aa6e9995d 100644 --- a/pkgs/by-name/zs/zsh-powerlevel9k/package.nix +++ b/pkgs/by-name/zs/zsh-powerlevel9k/package.nix @@ -16,8 +16,9 @@ stdenv.mkDerivation { strictDeps = true; installPhase = '' - install -D powerlevel9k.zsh-theme --target-directory=$out/share/zsh-powerlevel9k - install -D functions/* --target-directory=$out/share/zsh-powerlevel9k/functions + install -D powerlevel9k.zsh-theme --target-directory=$out/share/zsh/themes/powerlevel9k + install -D functions/* --target-directory=$out/share/zsh/themes/powerlevel9k/functions + ln -s $out/share/zsh/themes/powerlevel9k $out/share/zsh-powerlevel9k ''; meta = { diff --git a/pkgs/by-name/zu/zuban/package.nix b/pkgs/by-name/zu/zuban/package.nix index a1ba2288f0d2..f072b38cec86 100644 --- a/pkgs/by-name/zu/zuban/package.nix +++ b/pkgs/by-name/zu/zuban/package.nix @@ -8,18 +8,18 @@ rustPlatform.buildRustPackage (finalAttrs: { pname = "zuban"; - version = "0.0.23"; + version = "0.1.0"; src = fetchFromGitHub { owner = "zubanls"; repo = "zuban"; tag = "v${finalAttrs.version}"; - hash = "sha256-EPF1HW/oqUKHLTorkO3C+X+ziq6i1lCxGY5y1ioKg6A="; + hash = "sha256-nSQf3I9O5TP1V8kwJrcBRREqS/47UlILx3IZMmt5ljQ="; }; buildAndTestSubdir = "crates/zuban"; - cargoHash = "sha256-TAFdS4NmXchmhqVRcsckz6GhZG35IE2fukDlZiRF8Ms="; + cargoHash = "sha256-Q09ZUBVa52fXIKiL6aC9VZB+4Rt/hI045CIjb/t3Xyg="; nativeInstallCheckInputs = [ versionCheckHook diff --git a/pkgs/development/python-modules/ahocorasick-rs/default.nix b/pkgs/development/python-modules/ahocorasick-rs/default.nix index e8c3b47854db..f60ebfe67ef0 100644 --- a/pkgs/development/python-modules/ahocorasick-rs/default.nix +++ b/pkgs/development/python-modules/ahocorasick-rs/default.nix @@ -13,19 +13,19 @@ buildPythonPackage rec { pname = "ahocorasick-rs"; - version = "0.22.2"; + version = "1.0.3"; pyproject = true; src = fetchPypi { inherit version; pname = "ahocorasick_rs"; - hash = "sha256-h/J6ZCLb+U7A+f6ErAGI1KZrXHsvX23rFl8MXj25dpw="; + hash = "sha256-V503Bwp8Idqc2ZiLn7RxKXJztgy0EmWG1tzZn6r8XKU="; }; cargoDeps = rustPlatform.fetchCargoVendor { inherit pname version src; - hash = "sha256-uB3r6+Ewpi4dVke/TsCZltfc+ZABYLOLKuNxw+Jfu/M="; + hash = "sha256-RfgjO0qffiAZynQ/xChd81L8S0sqTGdWvpHPrz3bKlQ="; }; nativeBuildInputs = with rustPlatform; [ diff --git a/pkgs/development/python-modules/crispy-bootstrap3/default.nix b/pkgs/development/python-modules/crispy-bootstrap3/default.nix index f7f09e8e6962..e7662f47548c 100644 --- a/pkgs/development/python-modules/crispy-bootstrap3/default.nix +++ b/pkgs/development/python-modules/crispy-bootstrap3/default.nix @@ -35,6 +35,10 @@ buildPythonPackage rec { pythonImportsCheck = [ "crispy_bootstrap3" ]; + # Tests are broken on Django >= 5.1 + # https://github.com/django-crispy-forms/crispy-bootstrap3/issues/12 + doCheck = lib.versionOlder django.version "5.1"; + meta = with lib; { description = "Bootstrap 3 template pack for django-crispy-forms"; homepage = "https://github.com/django-crispy-forms/crispy-bootstrap3"; diff --git a/pkgs/development/python-modules/kajiki/default.nix b/pkgs/development/python-modules/kajiki/default.nix index e801f49aca4a..e7a0978bb415 100644 --- a/pkgs/development/python-modules/kajiki/default.nix +++ b/pkgs/development/python-modules/kajiki/default.nix @@ -6,12 +6,13 @@ linetable, pytestCheckHook, pythonOlder, + hatchling, }: buildPythonPackage rec { pname = "kajiki"; version = "1.0.1"; - format = "setuptools"; + pyproject = true; disabled = pythonOlder "3.7"; @@ -24,6 +25,8 @@ buildPythonPackage rec { propagatedBuildInputs = [ linetable ]; + build-system = [ hatchling ]; + nativeCheckInputs = [ babel pytestCheckHook diff --git a/pkgs/development/python-modules/maestral/default.nix b/pkgs/development/python-modules/maestral/default.nix index 78ddcc7d8d51..de2b186f348c 100644 --- a/pkgs/development/python-modules/maestral/default.nix +++ b/pkgs/development/python-modules/maestral/default.nix @@ -31,16 +31,16 @@ buildPythonPackage rec { pname = "maestral"; - version = "1.9.4"; + version = "1.9.5"; pyproject = true; - disabled = pythonOlder "3.8"; + disabled = pythonOlder "3.10"; src = fetchFromGitHub { owner = "SamSchott"; repo = "maestral"; tag = "v${version}"; - hash = "sha256-akh0COltpUU4Z4kfubg6A7k6W8ICoqVYkmFpMkTC8H8="; + hash = "sha256-xFSnJPKTAPXYa4FuqkFF5gLzGZ9TltNVDhyBnswiut4="; }; build-system = [ setuptools ]; @@ -51,7 +51,6 @@ buildPythonPackage rec { dbus-python dropbox fasteners - importlib-metadata keyring keyrings-alt packaging diff --git a/pkgs/development/python-modules/prosemirror/default.nix b/pkgs/development/python-modules/prosemirror/default.nix index 030a989f9573..4586fb355b1a 100644 --- a/pkgs/development/python-modules/prosemirror/default.nix +++ b/pkgs/development/python-modules/prosemirror/default.nix @@ -1,7 +1,8 @@ { lib, buildPythonPackage, - setuptools-scm, + hatchling, + hatch-vcs, pytestCheckHook, fetchPypi, lxml, @@ -18,7 +19,10 @@ buildPythonPackage rec { hash = "sha256-cZwqoKQ+B7d07R20dXTiDsiBIYYTyaWa2SnGs8o8Hl8="; }; - build-system = [ setuptools-scm ]; + build-system = [ + hatchling + hatch-vcs + ]; dependencies = [ lxml diff --git a/pkgs/development/python-modules/textual-textarea/default.nix b/pkgs/development/python-modules/textual-textarea/default.nix index 8ab356d467ef..ff311a5b988c 100644 --- a/pkgs/development/python-modules/textual-textarea/default.nix +++ b/pkgs/development/python-modules/textual-textarea/default.nix @@ -20,14 +20,14 @@ buildPythonPackage rec { pname = "textual-textarea"; - version = "0.17.1"; + version = "0.17.2"; pyproject = true; src = fetchFromGitHub { owner = "tconbeer"; repo = "textual-textarea"; tag = "v${version}"; - hash = "sha256-E6Yw/NRjfrdCeERgM0jdjfmG9zL2GhY2qAWUB1XwFic="; + hash = "sha256-y+2WvqD96eYkDEJn5qCGfGFNiJFAcF4KWWNgAIZUqJo="; }; build-system = [ hatchling ]; diff --git a/pkgs/development/python-modules/weblate-schemas/default.nix b/pkgs/development/python-modules/weblate-schemas/default.nix index 4563d1ee40ac..f3310a3b5094 100644 --- a/pkgs/development/python-modules/weblate-schemas/default.nix +++ b/pkgs/development/python-modules/weblate-schemas/default.nix @@ -13,14 +13,14 @@ buildPythonPackage rec { pname = "weblate-schemas"; - version = "2025.5"; + version = "2025.6"; pyproject = true; src = fetchPypi { pname = "weblate_schemas"; inherit version; - hash = "sha256-ZhFF3UD7lX/KXVDZFOn+Gc1w/cpzzVYVrbpVeJ9/wiE="; + hash = "sha256-Kxu+8CiJ343PmCdY5rSbTqsWmVMLnz9inAH726g5TQQ="; }; build-system = [ setuptools ]; diff --git a/pkgs/os-specific/linux/kernel/build.nix b/pkgs/os-specific/linux/kernel/build.nix new file mode 100644 index 000000000000..0839eaa9fdd9 --- /dev/null +++ b/pkgs/os-specific/linux/kernel/build.nix @@ -0,0 +1,586 @@ +{ + lib, + stdenv, + buildPackages, + bc, + bison, + flex, + perl, + rsync, + gmp, + libmpc, + mpfr, + openssl, + cpio, + elfutils, + hexdump, + zstd, + python3Minimal, + zlib, + pahole, + kmod, + ubootTools, + fetchpatch, + rustc-unwrapped, + rust-bindgen-unwrapped, + rustPlatform, +}: + +let + lib_ = lib; + stdenv_ = stdenv; + + readConfig = + configfile: + let + matchLine = + line: + let + match = lib.match "(CONFIG_[^=]+)=([ym])" line; + in + lib.optional (match != null) { + name = lib.elemAt match 0; + value = lib.elemAt match 1; + }; + in + lib.listToAttrs (lib.concatMap matchLine (lib.splitString "\n" (builtins.readFile configfile))); +in +lib.makeOverridable ( + { + # The kernel version + version, + # The kernel pname (should be set for variants) + pname ? "linux", + # Additional kernel make flags + extraMakeFlags ? [ ], + # The name of the kernel module directory + # Needs to be X.Y.Z[-extra], so pad with zeros if needed. + modDirVersion ? null, # derive from version + # The kernel source (tarball, git checkout, etc.) + src, + # a list of { name=..., patch=..., extraConfig=...} patches + kernelPatches ? [ ], + # The kernel .config file + configfile, + # Manually specified nixexpr representing the config + # If unspecified, this will be autodetected from the .config + config ? lib.optionalAttrs (builtins.isPath configfile || allowImportFromDerivation) ( + readConfig configfile + ), + # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is + # automatically extended with extra per-version and per-config values. + randstructSeed ? "", + # Extra meta attributes + extraMeta ? { }, + + # for module compatibility + isZen ? false, + isLibre ? false, + isHardened ? false, + + # Whether to utilize the controversial import-from-derivation feature to parse the config + allowImportFromDerivation ? false, + # ignored + features ? null, + lib ? lib_, + stdenv ? stdenv_, + }: + + let + # Provide defaults. Note that we support `null` so that callers don't need to use optionalAttrs, + # which can lead to unnecessary strictness and infinite recursions. + modDirVersion_ = if modDirVersion == null then lib.versions.pad 3 version else modDirVersion; + in + let + # Shadow the un-defaulted parameter; don't want null. + modDirVersion = modDirVersion_; + inherit (lib) + hasAttr + getAttr + optional + optionals + optionalString + maintainers + teams + platforms + ; + + commonMakeFlags = import ./common-flags.nix { + inherit + lib + stdenv + buildPackages + extraMakeFlags + ; + }; + + # Folding in `ubootTools` in the default nativeBuildInputs is problematic, as + # it makes updating U-Boot cumbersome, since it will go above the current + # threshold of rebuilds + # + # To prevent these needless rounds of staging for U-Boot builds, we can + # limit the inclusion of ubootTools to target platforms where uImage *may* + # be produced. + # + # This command lists those (kernel-named) platforms: + # .../linux $ grep -l uImage ./arch/*/Makefile | cut -d'/' -f3 | sort + # + # This is still a guesstimation, but since none of our cached platforms + # coincide in that list, this gives us "perfect" decoupling here. + linuxPlatformsUsingUImage = [ + "arc" + "arm" + "csky" + "mips" + "powerpc" + "sh" + "sparc" + "xtensa" + ]; + needsUbootTools = lib.elem stdenv.hostPlatform.linuxArch linuxPlatformsUsingUImage; + + configHelpers = + let + attrName = attr: "CONFIG_" + attr; + in + { + isSet = attr: hasAttr (attrName attr) config; + + getValue = attr: if configHelpers.isSet attr then getAttr (attrName attr) config else null; + + isYes = attr: (configHelpers.getValue attr) == "y"; + + isNo = attr: (configHelpers.getValue attr) == "n"; + + isModule = attr: (configHelpers.getValue attr) == "m"; + + isEnabled = attr: (configHelpers.isModule attr) || (configHelpers.isYes attr); + + isDisabled = attr: (!(configHelpers.isSet attr)) || (configHelpers.isNo attr); + } + // config; + + isModular = configHelpers.isYes "MODULES"; + withRust = configHelpers.isYes "RUST"; + + target = stdenv.hostPlatform.linux-kernel.target or "vmlinux"; + + buildDTBs = stdenv.hostPlatform.linux-kernel.DTB or false; + + # Dependencies that are required to build kernel modules + moduleBuildDependencies = [ + pahole + perl + elfutils + # module makefiles often run uname commands to find out the kernel version + (buildPackages.deterministic-uname.override { inherit modDirVersion; }) + ] + ++ optional (lib.versionAtLeast version "5.13") zstd + ++ optionals withRust [ + rustc-unwrapped + rust-bindgen-unwrapped + ]; + in + + stdenv.mkDerivation { + inherit pname version src; + + __structuredAttrs = true; + + enableParallelBuilding = true; + + hardeningDisable = [ + "bindnow" + "format" + "fortify" + "stackprotector" + "pic" + "pie" + ]; + + ${if isModular then "outputs" else null} = [ + "out" + "dev" + "modules" + ]; + + # We remove a bunch of stuff that is symlinked from other places to save space, + # which trips the broken symlink check. So, just skip it. We'll know if it explodes. + dontCheckForBrokenSymlinks = true; + + patches = + # kernelPatches can contain config changes and no actual patch + lib.filter (p: p != null) (map (p: p.patch) kernelPatches) + # Required for deterministic builds along with some postPatch magic. + ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch + ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch + # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks + # OpenZFS; this was fixed in Linux 5.19 so we backport the fix + # https://github.com/openzfs/zfs/pull/13367 + ++ + optional + ( + lib.versionAtLeast version "5.12" && lib.versionOlder version "5.19" && stdenv.hostPlatform.isPower + ) + (fetchpatch { + url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23"; + hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU="; + }); + + buildFlags = [ + "KBUILD_BUILD_VERSION=1-NixOS" + stdenv.hostPlatform.linux-kernel.target + "vmlinux" # for "perf" and things like that + "scripts_gdb" + ] + ++ optional isModular "modules" + ++ optionals buildDTBs [ + "dtbs" + "DTC_FLAGS=-@" + ] + ++ extraMakeFlags; + + installFlags = [ + "INSTALL_PATH=${placeholder "out"}" + ] + ++ (optional isModular "INSTALL_MOD_PATH=${placeholder "modules"}") + ++ optionals buildDTBs [ + "dtbs_install" + "INSTALL_DTBS_PATH=${placeholder "out"}/dtbs" + ]; + + depsBuildBuild = [ buildPackages.stdenv.cc ]; + nativeBuildInputs = [ + bison + flex + perl + bc + openssl + rsync + gmp + libmpc + mpfr + elfutils + zstd + python3Minimal + kmod + hexdump + ] + ++ optional needsUbootTools ubootTools + ++ optionals (lib.versionAtLeast version "5.2") [ + cpio + pahole + zlib + ] + ++ optionals withRust [ + rustc-unwrapped + rust-bindgen-unwrapped + ]; + + env = { + RUST_LIB_SRC = lib.optionalString withRust rustPlatform.rustLibSrc; + + # avoid leaking Rust source file names into the final binary, which adds + # a false dependency on rust-lib-src on targets with uncompressed kernels + KRUSTFLAGS = lib.optionalString withRust "--remap-path-prefix ${rustPlatform.rustLibSrc}=/"; + }; + + makeFlags = [ + "O=$(buildRoot)" + + # We have a `modules` variable in the environment for our + # split output, but the kernel Makefiles also define their + # own `modules` variable. Their definition wins, but Make + # remembers that the variable was originally from the + # environment and exports it to all the build recipes. This + # breaks the build with an “Argument list too long” error due + # to passing the huge list of every module object file in the + # environment of every process invoked by every build recipe. + # + # We use `--eval` here to undefine the inherited environment + # variable before any Makefiles are read, ensuring that the + # kernel’s definition creates a new, unexported variable. + "--eval=undefine modules" + ] + ++ commonMakeFlags; + + postPatch = '' + # Ensure that depmod gets resolved through PATH + sed -i Makefile -e 's|= /sbin/depmod|= depmod|' + + # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. + [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh + + # Set randstruct seed to a deterministic but diversified value. Note: + # we could have instead patched gen-random-seed.sh to take input from + # the buildFlags, but that would require also patching the kernel's + # toplevel Makefile to add a variable export. This would be likely to + # cause future patch conflicts. + for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do + if [ -f "$file" ]; then + substituteInPlace "$file" \ + --replace NIXOS_RANDSTRUCT_SEED \ + $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') + break + fi + done + + patchShebangs scripts + + # also patch arch-specific install scripts + for i in $(find arch -name install.sh); do + patchShebangs "$i" + done + + # unset $src because the build system tries to use it and spams a bunch of warnings + # see: https://github.com/torvalds/linux/commit/b1992c3772e69a6fd0e3fc81cd4d2820c8b6eca0 + unset src + ''; + + configurePhase = '' + runHook preConfigure + + mkdir build + export buildRoot="$(pwd)/build" + + echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD" + + if [ -f "$buildRoot/.config" ]; then + echo "Could not link $buildRoot/.config : file exists" + exit 1 + fi + ln -sv ${configfile} $buildRoot/.config + + # reads the existing .config file and prompts the user for options in + # the current kernel source that are not found in the file. + make "''${makeFlags[@]}" oldconfig + runHook postConfigure + + make "''${makeFlags[@]}" prepare + actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)" + if [ "$actualModDirVersion" != "${modDirVersion}" ]; then + echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion" + exit 1 + fi + + buildFlags+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)") + + cd $buildRoot + ''; + + postInstall = optionalString isModular '' + mkdir -p $dev + cp vmlinux $dev/ + + mkdir -p $dev/lib/modules/${modDirVersion}/build/scripts + cp -rL ../scripts/gdb/ $dev/lib/modules/${modDirVersion}/build/scripts + + if [ -z "''${dontStrip-}" ]; then + installFlags+=("INSTALL_MOD_STRIP=1") + fi + make modules_install "''${makeFlags[@]}" "''${installFlags[@]}" + unlink $modules/lib/modules/${modDirVersion}/build + + mkdir -p $dev/lib/modules/${modDirVersion}/{build,source} + + # To save space, exclude a bunch of unneeded stuff when copying. + (cd .. && rsync --archive --prune-empty-dirs \ + --exclude='/build/' \ + * $dev/lib/modules/${modDirVersion}/source/) + + cd $dev/lib/modules/${modDirVersion}/source + + cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build + make modules_prepare "''${makeFlags[@]}" O=$dev/lib/modules/${modDirVersion}/build + + # For reproducibility, removes accidental leftovers from a `cc1` call + # from a `try-run` call from the Makefile + rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d + + # Keep some extra files on some arches (powerpc, aarch64) + for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o; do + if [ -f "$buildRoot/$f" ]; then + mkdir -p "$(dirname $dev/lib/modules/${modDirVersion}/build/$f)" + cp $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f + fi + done + + # !!! No documentation on how much of the source tree must be kept + # If/when kernel builds fail due to missing files, you can add + # them here. Note that we may see packages requiring headers + # from drivers/ in the future; it adds 50M to keep all of its + # headers on 3.10 though. + + chmod u+w -R .. + buildArchDir="$dev/lib/modules/${modDirVersion}/build/arch" + + # Remove unused arches + for d in $(cd arch/; ls); do + if [ -d "$buildArchDir/$d" ]; then continue; fi + if [ -d "$buildArchDir/arm64" ] && [ "$d" = arm ]; then continue; fi + rm -rf arch/$d + done + + # Remove all driver-specific code (50M of which is headers) + rm -fR drivers + + # Keep all headers + find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w + + # Keep linker scripts (they are required for out-of-tree modules on aarch64) + find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w + + # Keep root and arch-specific Makefiles + chmod u-w Makefile arch/*/Makefile* + + # Keep whole scripts dir + chmod u-w -R scripts + + # Delete everything not kept + find . -type f -perm -u=w -print0 | xargs -0 -r rm + + # Delete empty directories + find -empty -type d -delete + ''; + + preInstall = + let + # All we really need to do here is copy the final image and System.map to $out, + # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets + # for the rest. Easy, right? + # + # Unfortunately for us, the obvious way of getting the built image path, + # make -s image_name, does not work correctly, because some architectures + # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets, + # so we end up attempting to install the thing we didn't actually build. + # + # Thankfully, there's a way out that doesn't involve just hardcoding everything. + # + # The kernel has an install target, which runs a pretty simple shell script + # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on + # which kernel version you're looking at) that tries to do something sensible. + # + # (it would be great to hijack this script immediately, as it has all the + # information we need passed to it and we don't need it to try and be smart, + # but unfortunately, the exact location of the scripts differs between kernel + # versions, and they're seemingly not considered to be public API at all) + # + # One of the ways it tries to discover what "something sensible" actually is + # is by delegating to what's supposed to be a user-provided install script + # located at ~/bin/installkernel. + # + # (the other options are: + # - a distribution-specific script at /sbin/installkernel, + # which we can't really create in the sandbox easily + # - an architecture-specific script at arch/$arch/boot/install.sh, + # which attempts to guess _something_ and usually guesses very wrong) + # + # More specifically, the install script exec's into ~/bin/installkernel, if one + # exists, with the following arguments: + # + # $1: $KERNELRELEASE - full kernel version string + # $2: $KBUILD_IMAGE - the final image path + # $3: System.map - path to System.map file, seemingly hardcoded everywhere + # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags + # + # $2 is exactly what we want, so hijack the script and use the knowledge given to it + # by the makefile overlords for our own nefarious ends. + # + # Note that the makefiles specifically look in ~/bin/installkernel, and + # writeShellScriptBin writes the script to /bin/installkernel, + # so HOME needs to be set to just the store path. + # + # FIXME: figure out a less roundabout way of doing this. + installkernel = buildPackages.writeShellScriptBin "installkernel" '' + cp -av $2 $4 + cp -av $3 $4 + ''; + in + '' + installFlags+=("-j$NIX_BUILD_CORES") + export HOME=${installkernel} + ''; + + requiredSystemFeatures = [ "big-parallel" ]; + + passthru = rec { + inherit + version + modDirVersion + config + kernelPatches + configfile + moduleBuildDependencies + stdenv + commonMakeFlags + ; + inherit + isZen + isHardened + isLibre + withRust + ; + isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; + baseVersion = lib.head (lib.splitString "-rc" version); + kernelOlder = lib.versionOlder baseVersion; + kernelAtLeast = lib.versionAtLeast baseVersion; + }; + + # Some image types need special install targets (e.g. uImage is installed with make uinstall on arm) + installTargets = [ + (stdenv.hostPlatform.linux-kernel.installTarget or ( + if target == "uImage" && stdenv.hostPlatform.linuxArch == "arm" then + "uinstall" + else if + (target == "zImage" || target == "Image.gz" || target == "vmlinuz.efi") + && builtins.elem stdenv.hostPlatform.linuxArch [ + "arm" + "arm64" + "parisc" + "riscv" + ] + then + "zinstall" + else + "install" + ) + ) + ]; + + karch = stdenv.hostPlatform.linuxArch; + + meta = { + # https://github.com/NixOS/nixpkgs/pull/345534#issuecomment-2391238381 + broken = withRust && lib.versionOlder version "6.12"; + + description = + "The Linux kernel" + + ( + if kernelPatches == [ ] then + "" + else + " (with patches: " + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) + ")" + ); + license = lib.licenses.gpl2Only; + homepage = "https://www.kernel.org/"; + maintainers = [ maintainers.thoughtpolice ]; + teams = [ teams.linux-kernel ]; + platforms = platforms.linux; + badPlatforms = + lib.optionals (lib.versionOlder version "4.15") [ + "riscv32-linux" + "riscv64-linux" + ] + ++ lib.optional (lib.versionOlder version "5.19") "loongarch64-linux"; + timeout = 14400; # 4 hours + identifiers.cpeParts = { + part = "o"; + vendor = "linux"; + product = "linux_kernel"; + inherit version; + update = "*"; + }; + } + // extraMeta; + } +) diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index cd3fc4a73b21..8eecd334df70 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -24,6 +24,8 @@ let overridableKernel = lib.makeOverridable ( # The kernel source tarball. { + pname ? "linux", + src, # The kernel version. @@ -96,25 +98,6 @@ let # files. let - # Dirty hack to make sure that `version` & `src` have - # `` as position - # when using `builtins.unsafeGetAttrPos`. - # - # This is to make sure that ofborg actually detects changes in the kernel derivation - # and pings all maintainers. - # - # For further context, see https://github.com/NixOS/nixpkgs/pull/143113#issuecomment-953319957 - basicArgs = removeAttrs args ( - lib.filter ( - x: - !(builtins.elem x [ - "version" - "pname" - "src" - ]) - ) (lib.attrNames args) - ); - # Combine the `features' attribute sets of all the kernel patches. kernelFeatures = lib.foldr (x: y: (x.features or { }) // y) ( { @@ -298,26 +281,25 @@ let }; }; # end of configfile derivation - kernel = (callPackage ./manual-config.nix { inherit lib stdenv buildPackages; }) ( - basicArgs - // { - inherit - kernelPatches - randstructSeed - extraMakeFlags - extraMeta - configfile - modDirVersion - ; - pos = builtins.unsafeGetAttrPos "version" args; + kernel = (callPackage ./build.nix { inherit lib stdenv buildPackages; }) { + inherit + pname + version + src + kernelPatches + randstructSeed + extraMakeFlags + extraMeta + configfile + modDirVersion + ; - config = { - CONFIG_MODULES = "y"; - CONFIG_FW_LOADER = "y"; - CONFIG_RUST = if withRust then "y" else "n"; - }; - } - ); + config = { + CONFIG_MODULES = "y"; + CONFIG_FW_LOADER = "y"; + CONFIG_RUST = if withRust then "y" else "n"; + }; + }; in kernel.overrideAttrs ( @@ -326,7 +308,6 @@ let passthru = previousAttrs.passthru or { } // extraPassthru - // basicArgs // { features = kernelFeatures; inherit diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index f9138a4b60ed..c8661d3a0fb0 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -2,11 +2,11 @@ "6.12": { "patch": { "extra": "-hardened1", - "name": "linux-hardened-v6.12.43-hardened1.patch", - "sha256": "10hp4718agz7bj4wnis7g1c8ahnwn5917a5v88y9iwawrjm9148v", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.12.43-hardened1/linux-hardened-v6.12.43-hardened1.patch" + "name": "linux-hardened-v6.12.50-hardened1.patch", + "sha256": "0bzq364d6i7wis9sdljjkzmbvjnv45hmyqikmxagps2rdh57916p", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/v6.12.50-hardened1/linux-hardened-v6.12.50-hardened1.patch" }, - "sha256": "1vmxywg11z946i806sg7rk7jr9px87spmwwbzjxpps2nsjybpjqg", - "version": "6.12.43" + "sha256": "19bjzhxasj4r6m1lhsa486a96axfigbm06kqa2lwa7y2s5sbsdf4", + "version": "6.12.50" } } diff --git a/pkgs/os-specific/linux/kernel/manual-config.nix b/pkgs/os-specific/linux/kernel/manual-config.nix deleted file mode 100644 index 33dcd77fcbb3..000000000000 --- a/pkgs/os-specific/linux/kernel/manual-config.nix +++ /dev/null @@ -1,605 +0,0 @@ -{ - lib, - stdenv, - buildPackages, - bc, - bison, - flex, - perl, - rsync, - gmp, - libmpc, - mpfr, - openssl, - cpio, - elfutils, - hexdump, - zstd, - python3Minimal, - zlib, - pahole, - kmod, - ubootTools, - fetchpatch, - rustc-unwrapped, - rust-bindgen-unwrapped, - rustPlatform, -}: - -let - lib_ = lib; - stdenv_ = stdenv; - - readConfig = - configfile: - let - matchLine = - line: - let - match = lib.match "(CONFIG_[^=]+)=([ym])" line; - in - lib.optional (match != null) { - name = lib.elemAt match 0; - value = lib.elemAt match 1; - }; - in - lib.listToAttrs (lib.concatMap matchLine (lib.splitString "\n" (builtins.readFile configfile))); -in -lib.makeOverridable ( - { - # The kernel version - version, - # The kernel pname (should be set for variants) - pname ? "linux", - # Position of the Linux build expression - pos ? null, - # Additional kernel make flags - extraMakeFlags ? [ ], - # The name of the kernel module directory - # Needs to be X.Y.Z[-extra], so pad with zeros if needed. - modDirVersion ? null, # derive from version - # The kernel source (tarball, git checkout, etc.) - src, - # a list of { name=..., patch=..., extraConfig=...} patches - kernelPatches ? [ ], - # The kernel .config file - configfile, - # Manually specified nixexpr representing the config - # If unspecified, this will be autodetected from the .config - config ? lib.optionalAttrs (builtins.isPath configfile || allowImportFromDerivation) ( - readConfig configfile - ), - # Custom seed used for CONFIG_GCC_PLUGIN_RANDSTRUCT if enabled. This is - # automatically extended with extra per-version and per-config values. - randstructSeed ? "", - # Extra meta attributes - extraMeta ? { }, - - # for module compatibility - isZen ? false, - isLibre ? false, - isHardened ? false, - - # Whether to utilize the controversial import-from-derivation feature to parse the config - allowImportFromDerivation ? false, - # ignored - features ? null, - lib ? lib_, - stdenv ? stdenv_, - }: - - let - # Provide defaults. Note that we support `null` so that callers don't need to use optionalAttrs, - # which can lead to unnecessary strictness and infinite recursions. - modDirVersion_ = if modDirVersion == null then lib.versions.pad 3 version else modDirVersion; - in - let - # Shadow the un-defaulted parameter; don't want null. - modDirVersion = modDirVersion_; - inherit (lib) - hasAttr - getAttr - optional - optionals - optionalString - optionalAttrs - maintainers - teams - platforms - ; - - drvAttrs = - config_: kernelConf: kernelPatches: configfile: - let - # Folding in `ubootTools` in the default nativeBuildInputs is problematic, as - # it makes updating U-Boot cumbersome, since it will go above the current - # threshold of rebuilds - # - # To prevent these needless rounds of staging for U-Boot builds, we can - # limit the inclusion of ubootTools to target platforms where uImage *may* - # be produced. - # - # This command lists those (kernel-named) platforms: - # .../linux $ grep -l uImage ./arch/*/Makefile | cut -d'/' -f3 | sort - # - # This is still a guesstimation, but since none of our cached platforms - # coincide in that list, this gives us "perfect" decoupling here. - linuxPlatformsUsingUImage = [ - "arc" - "arm" - "csky" - "mips" - "powerpc" - "sh" - "sparc" - "xtensa" - ]; - needsUbootTools = lib.elem stdenv.hostPlatform.linuxArch linuxPlatformsUsingUImage; - - config = - let - attrName = attr: "CONFIG_" + attr; - in - { - isSet = attr: hasAttr (attrName attr) config; - - getValue = attr: if config.isSet attr then getAttr (attrName attr) config else null; - - isYes = attr: (config.getValue attr) == "y"; - - isNo = attr: (config.getValue attr) == "n"; - - isModule = attr: (config.getValue attr) == "m"; - - isEnabled = attr: (config.isModule attr) || (config.isYes attr); - - isDisabled = attr: (!(config.isSet attr)) || (config.isNo attr); - } - // config_; - - isModular = config.isYes "MODULES"; - withRust = config.isYes "RUST"; - - target = kernelConf.target or "vmlinux"; - - buildDTBs = kernelConf.DTB or false; - - # Dependencies that are required to build kernel modules - moduleBuildDependencies = [ - pahole - perl - elfutils - # module makefiles often run uname commands to find out the kernel version - (buildPackages.deterministic-uname.override { inherit modDirVersion; }) - ] - ++ optional (lib.versionAtLeast version "5.13") zstd - ++ optionals withRust [ - rustc-unwrapped - rust-bindgen-unwrapped - ]; - - in - (optionalAttrs isModular { - outputs = [ - "out" - "dev" - "modules" - ]; - }) - // { - __structuredAttrs = true; - - passthru = rec { - inherit - version - modDirVersion - config - kernelPatches - configfile - moduleBuildDependencies - stdenv - ; - inherit - isZen - isHardened - isLibre - withRust - ; - isXen = lib.warn "The isXen attribute is deprecated. All Nixpkgs kernels that support it now have Xen enabled." true; - baseVersion = lib.head (lib.splitString "-rc" version); - kernelOlder = lib.versionOlder baseVersion; - kernelAtLeast = lib.versionAtLeast baseVersion; - }; - - inherit src; - - depsBuildBuild = [ buildPackages.stdenv.cc ]; - nativeBuildInputs = [ - bison - flex - perl - bc - openssl - rsync - gmp - libmpc - mpfr - elfutils - zstd - python3Minimal - kmod - hexdump - ] - ++ optional needsUbootTools ubootTools - ++ optionals (lib.versionAtLeast version "5.2") [ - cpio - pahole - zlib - ] - ++ optionals withRust [ - rustc-unwrapped - rust-bindgen-unwrapped - ]; - - env = { - RUST_LIB_SRC = lib.optionalString withRust rustPlatform.rustLibSrc; - - # avoid leaking Rust source file names into the final binary, which adds - # a false dependency on rust-lib-src on targets with uncompressed kernels - KRUSTFLAGS = lib.optionalString withRust "--remap-path-prefix ${rustPlatform.rustLibSrc}=/"; - }; - - patches = - # kernelPatches can contain config changes and no actual patch - lib.filter (p: p != null) (map (p: p.patch) kernelPatches) - # Required for deterministic builds along with some postPatch magic. - ++ optional (lib.versionOlder version "5.19") ./randstruct-provide-seed.patch - ++ optional (lib.versionAtLeast version "5.19") ./randstruct-provide-seed-5.19.patch - # Linux 5.12 marked certain PowerPC-only symbols as GPL, which breaks - # OpenZFS; this was fixed in Linux 5.19 so we backport the fix - # https://github.com/openzfs/zfs/pull/13367 - ++ - optional - ( - lib.versionAtLeast version "5.12" && lib.versionOlder version "5.19" && stdenv.hostPlatform.isPower - ) - (fetchpatch { - url = "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/patch/?id=d9e5c3e9e75162f845880535957b7fd0b4637d23"; - hash = "sha256-bBOyJcP6jUvozFJU0SPTOf3cmnTQ6ZZ4PlHjiniHXLU="; - }); - - postPatch = '' - # Ensure that depmod gets resolved through PATH - sed -i Makefile -e 's|= /sbin/depmod|= depmod|' - - # Some linux-hardened patches now remove certain files in the scripts directory, so the file may not exist. - [[ -f scripts/ld-version.sh ]] && patchShebangs scripts/ld-version.sh - - # Set randstruct seed to a deterministic but diversified value. Note: - # we could have instead patched gen-random-seed.sh to take input from - # the buildFlags, but that would require also patching the kernel's - # toplevel Makefile to add a variable export. This would be likely to - # cause future patch conflicts. - for file in scripts/gen-randstruct-seed.sh scripts/gcc-plugins/gen-random-seed.sh; do - if [ -f "$file" ]; then - substituteInPlace "$file" \ - --replace NIXOS_RANDSTRUCT_SEED \ - $(echo ${randstructSeed}${src} ${placeholder "configfile"} | sha256sum | cut -d ' ' -f 1 | tr -d '\n') - break - fi - done - - patchShebangs scripts - - # also patch arch-specific install scripts - for i in $(find arch -name install.sh); do - patchShebangs "$i" - done - - # unset $src because the build system tries to use it and spams a bunch of warnings - # see: https://github.com/torvalds/linux/commit/b1992c3772e69a6fd0e3fc81cd4d2820c8b6eca0 - unset src - ''; - - configurePhase = '' - runHook preConfigure - - mkdir build - export buildRoot="$(pwd)/build" - - echo "manual-config configurePhase buildRoot=$buildRoot pwd=$PWD" - - if [ -f "$buildRoot/.config" ]; then - echo "Could not link $buildRoot/.config : file exists" - exit 1 - fi - ln -sv ${configfile} $buildRoot/.config - - # reads the existing .config file and prompts the user for options in - # the current kernel source that are not found in the file. - make "''${makeFlags[@]}" oldconfig - runHook postConfigure - - make "''${makeFlags[@]}" prepare - actualModDirVersion="$(cat $buildRoot/include/config/kernel.release)" - if [ "$actualModDirVersion" != "${modDirVersion}" ]; then - echo "Error: modDirVersion ${modDirVersion} specified in the Nix expression is wrong, it should be: $actualModDirVersion" - exit 1 - fi - - buildFlags+=("KBUILD_BUILD_TIMESTAMP=$(date -u -d @$SOURCE_DATE_EPOCH)") - - cd $buildRoot - ''; - - buildFlags = [ - "KBUILD_BUILD_VERSION=1-NixOS" - target - "vmlinux" # for "perf" and things like that - "scripts_gdb" - ] - ++ optional isModular "modules" - ++ optionals buildDTBs [ - "dtbs" - "DTC_FLAGS=-@" - ] - ++ extraMakeFlags; - - installFlags = [ - "INSTALL_PATH=${placeholder "out"}" - ] - ++ (optional isModular "INSTALL_MOD_PATH=${placeholder "modules"}") - ++ optionals buildDTBs [ - "dtbs_install" - "INSTALL_DTBS_PATH=${placeholder "out"}/dtbs" - ]; - - preInstall = - let - # All we really need to do here is copy the final image and System.map to $out, - # and use the kernel's modules_install, firmware_install, dtbs_install, etc. targets - # for the rest. Easy, right? - # - # Unfortunately for us, the obvious way of getting the built image path, - # make -s image_name, does not work correctly, because some architectures - # (*cough* aarch64 *cough*) change KBUILD_IMAGE on the fly in their install targets, - # so we end up attempting to install the thing we didn't actually build. - # - # Thankfully, there's a way out that doesn't involve just hardcoding everything. - # - # The kernel has an install target, which runs a pretty simple shell script - # (located at scripts/install.sh or arch/$arch/boot/install.sh, depending on - # which kernel version you're looking at) that tries to do something sensible. - # - # (it would be great to hijack this script immediately, as it has all the - # information we need passed to it and we don't need it to try and be smart, - # but unfortunately, the exact location of the scripts differs between kernel - # versions, and they're seemingly not considered to be public API at all) - # - # One of the ways it tries to discover what "something sensible" actually is - # is by delegating to what's supposed to be a user-provided install script - # located at ~/bin/installkernel. - # - # (the other options are: - # - a distribution-specific script at /sbin/installkernel, - # which we can't really create in the sandbox easily - # - an architecture-specific script at arch/$arch/boot/install.sh, - # which attempts to guess _something_ and usually guesses very wrong) - # - # More specifically, the install script exec's into ~/bin/installkernel, if one - # exists, with the following arguments: - # - # $1: $KERNELRELEASE - full kernel version string - # $2: $KBUILD_IMAGE - the final image path - # $3: System.map - path to System.map file, seemingly hardcoded everywhere - # $4: $INSTALL_PATH - path to the destination directory as specified in installFlags - # - # $2 is exactly what we want, so hijack the script and use the knowledge given to it - # by the makefile overlords for our own nefarious ends. - # - # Note that the makefiles specifically look in ~/bin/installkernel, and - # writeShellScriptBin writes the script to /bin/installkernel, - # so HOME needs to be set to just the store path. - # - # FIXME: figure out a less roundabout way of doing this. - installkernel = buildPackages.writeShellScriptBin "installkernel" '' - cp -av $2 $4 - cp -av $3 $4 - ''; - in - '' - installFlags+=("-j$NIX_BUILD_CORES") - export HOME=${installkernel} - ''; - - # Some image types need special install targets (e.g. uImage is installed with make uinstall on arm) - installTargets = [ - (kernelConf.installTarget or ( - if target == "uImage" && stdenv.hostPlatform.linuxArch == "arm" then - "uinstall" - else if - (target == "zImage" || target == "Image.gz" || target == "vmlinuz.efi") - && builtins.elem stdenv.hostPlatform.linuxArch [ - "arm" - "arm64" - "parisc" - "riscv" - ] - then - "zinstall" - else - "install" - ) - ) - ]; - - # We remove a bunch of stuff that is symlinked from other places to save space, - # which trips the broken symlink check. So, just skip it. We'll know if it explodes. - dontCheckForBrokenSymlinks = true; - - postInstall = optionalString isModular '' - mkdir -p $dev - cp vmlinux $dev/ - - mkdir -p $dev/lib/modules/${modDirVersion}/build/scripts - cp -rL ../scripts/gdb/ $dev/lib/modules/${modDirVersion}/build/scripts - - if [ -z "''${dontStrip-}" ]; then - installFlags+=("INSTALL_MOD_STRIP=1") - fi - make modules_install "''${makeFlags[@]}" "''${installFlags[@]}" - unlink $modules/lib/modules/${modDirVersion}/build - - mkdir -p $dev/lib/modules/${modDirVersion}/{build,source} - - # To save space, exclude a bunch of unneeded stuff when copying. - (cd .. && rsync --archive --prune-empty-dirs \ - --exclude='/build/' \ - * $dev/lib/modules/${modDirVersion}/source/) - - cd $dev/lib/modules/${modDirVersion}/source - - cp $buildRoot/{.config,Module.symvers} $dev/lib/modules/${modDirVersion}/build - make modules_prepare "''${makeFlags[@]}" O=$dev/lib/modules/${modDirVersion}/build - - # For reproducibility, removes accidental leftovers from a `cc1` call - # from a `try-run` call from the Makefile - rm -f $dev/lib/modules/${modDirVersion}/build/.[0-9]*.d - - # Keep some extra files on some arches (powerpc, aarch64) - for f in arch/powerpc/lib/crtsavres.o arch/arm64/kernel/ftrace-mod.o; do - if [ -f "$buildRoot/$f" ]; then - mkdir -p "$(dirname $dev/lib/modules/${modDirVersion}/build/$f)" - cp $buildRoot/$f $dev/lib/modules/${modDirVersion}/build/$f - fi - done - - # !!! No documentation on how much of the source tree must be kept - # If/when kernel builds fail due to missing files, you can add - # them here. Note that we may see packages requiring headers - # from drivers/ in the future; it adds 50M to keep all of its - # headers on 3.10 though. - - chmod u+w -R .. - buildArchDir="$dev/lib/modules/${modDirVersion}/build/arch" - - # Remove unused arches - for d in $(cd arch/; ls); do - if [ -d "$buildArchDir/$d" ]; then continue; fi - if [ -d "$buildArchDir/arm64" ] && [ "$d" = arm ]; then continue; fi - rm -rf arch/$d - done - - # Remove all driver-specific code (50M of which is headers) - rm -fR drivers - - # Keep all headers - find . -type f -name '*.h' -print0 | xargs -0 -r chmod u-w - - # Keep linker scripts (they are required for out-of-tree modules on aarch64) - find . -type f -name '*.lds' -print0 | xargs -0 -r chmod u-w - - # Keep root and arch-specific Makefiles - chmod u-w Makefile arch/*/Makefile* - - # Keep whole scripts dir - chmod u-w -R scripts - - # Delete everything not kept - find . -type f -perm -u=w -print0 | xargs -0 -r rm - - # Delete empty directories - find -empty -type d -delete - ''; - - requiredSystemFeatures = [ "big-parallel" ]; - - meta = { - # https://github.com/NixOS/nixpkgs/pull/345534#issuecomment-2391238381 - broken = withRust && lib.versionOlder version "6.12"; - - description = - "The Linux kernel" - + ( - if kernelPatches == [ ] then - "" - else - " (with patches: " + lib.concatStringsSep ", " (map (x: x.name) kernelPatches) + ")" - ); - license = lib.licenses.gpl2Only; - homepage = "https://www.kernel.org/"; - maintainers = [ maintainers.thoughtpolice ]; - teams = [ teams.linux-kernel ]; - platforms = platforms.linux; - badPlatforms = - lib.optionals (lib.versionOlder version "4.15") [ - "riscv32-linux" - "riscv64-linux" - ] - ++ lib.optional (lib.versionOlder version "5.19") "loongarch64-linux"; - timeout = 14400; # 4 hours - identifiers.cpeParts = { - part = "o"; - vendor = "linux"; - product = "linux_kernel"; - inherit version; - update = "*"; - }; - } - // extraMeta; - }; - - commonMakeFlags = import ./common-flags.nix { - inherit - lib - stdenv - buildPackages - extraMakeFlags - ; - }; - in - - stdenv.mkDerivation ( - builtins.foldl' lib.recursiveUpdate { } [ - (drvAttrs config stdenv.hostPlatform.linux-kernel kernelPatches configfile) - { - inherit pname version; - - enableParallelBuilding = true; - - hardeningDisable = [ - "bindnow" - "format" - "fortify" - "stackprotector" - "pic" - "pie" - ]; - - makeFlags = [ - "O=$(buildRoot)" - - # We have a `modules` variable in the environment for our - # split output, but the kernel Makefiles also define their - # own `modules` variable. Their definition wins, but Make - # remembers that the variable was originally from the - # environment and exports it to all the build recipes. This - # breaks the build with an “Argument list too long” error due - # to passing the huge list of every module object file in the - # environment of every process invoked by every build recipe. - # - # We use `--eval` here to undefine the inherited environment - # variable before any Makefiles are read, ensuring that the - # kernel’s definition creates a new, unexported variable. - "--eval=undefine modules" - ] - ++ commonMakeFlags; - - passthru = { inherit commonMakeFlags; }; - - karch = stdenv.hostPlatform.linuxArch; - } - (optionalAttrs (pos != null) { inherit pos; }) - ] - ) -) diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix index d08ce40a4f20..e6ec7052f1fc 100644 --- a/pkgs/os-specific/linux/kernel/zen-kernels.nix +++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix @@ -23,9 +23,9 @@ let }; # ./update-zen.py lqx lqx = { - version = "6.17.4"; # lqx + version = "6.17.5"; # lqx suffix = "lqx1"; # lqx - sha256 = "0i45jbxm9bzb43wjqzbc6nkspj93b9fi1vv7zlrvydwphlg3xwwn"; # lqx + sha256 = "1jgwpxw1h27kphj0rrf1b9dbhj4jlycr6lnykv8dhf3m0p5vjn46"; # lqx isLqx = true; }; }; diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix index 5f495f89f11a..2744e04aee8d 100644 --- a/pkgs/tools/networking/openssh/common.nix +++ b/pkgs/tools/networking/openssh/common.nix @@ -18,6 +18,7 @@ fetchurl, fetchpatch, autoreconfHook, + audit, zlib, openssl, softhsm, @@ -36,7 +37,7 @@ nixosTests, withSecurityKey ? !stdenv.hostPlatform.isStatic, withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl && withSecurityKey, - withPAM ? stdenv.hostPlatform.isLinux, + withPAM ? stdenv.hostPlatform.isLinux && !stdenv.hostPlatform.isStatic, # Attempts to mlock the entire sshd process on startup to prevent swapping. # Currently disabled when PAM support is enabled due to crashes # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103418 @@ -87,7 +88,8 @@ stdenv.mkDerivation (finalAttrs: { ++ lib.optional withFIDO libfido2 ++ lib.optional withKerberos krb5 ++ lib.optional withLdns ldns - ++ lib.optional withPAM pam; + ++ lib.optional withPAM pam + ++ lib.optional stdenv.hostPlatform.isStatic audit; preConfigure = '' # Setting LD causes `configure' and `make' to disagree about which linker @@ -164,9 +166,7 @@ stdenv.mkDerivation (finalAttrs: { # invoked directly and those invoked by the "remote" session cat > ~/.ssh/environment.base <